Security Incidents mailing list archives
Re: Lots netbios scans (udp 137)
From: woods () WEIRD COM (Greg A. Woods)
Date: Wed, 3 May 2000 03:31:21 -0400
[ On Monday, May 1, 2000 at 20:20:57 (-0500), Ben Laws wrote: ]
Subject: Re: Lots netbios scans (udp 137) Here I've been observing similar scansm, although over a smaller address space. They always originate from a Windows box (determined by `nmap -sS -O target`), and I've seen them come from all over as well. Best to ensure you don't have any open shares on your Windows systems --
The scans I saw last week were always from unrouted networks such as 192.168 and 169.254, but from port 137 and to port 137, and always 78-byte UDP packets. I there any possibility that it's "normal" for a M$-Win box to do this under some circumstances? -- Greg A. Woods +1 416 218-0098 VE3TCP <gwoods () acm org> <robohack!woods> Planix, Inc. <woods () planix com>; Secrets of the Weird <woods () weird com>
Current thread:
- Re: Lots netbios scans (udp 137) Ben Laws (May 01)
- Re: Lots netbios scans (udp 137) Greg A. Woods (May 03)
- Re: Lots netbios scans (udp 137) Bryan Andersen (May 03)
- odd message showing up logs... Josh Burroughs (May 04)
- Re: odd message showing up logs... Rick Redman (May 06)
- amd exploit(ed)? Paulo Ribeiro (May 07)
- Re: amd exploit(ed)? Mike Murray (May 08)
- Re: amd exploit(ed)? Erich Meier (May 09)
- Re: amd exploit(ed)? Jim Zajkowski (May 09)
- Re: odd message showing up logs... Robert Graham (May 07)
- Port 109 Scans Eric Maiwald (May 04)
- Re: Port 109 Scans Stone (May 06)
- Re: Lots netbios scans (udp 137) Greg A. Woods (May 03)