Security Incidents mailing list archives
Re: PORT 137
From: Tim Yocum <tim () yocum org>
Date: Tue, 29 May 2001 21:50:46 -0500
Jamie, Port 137 is part of Windows' NetBIOS service, used by Windows machines to resolve WINS names and such. Those entries probably are there because folks are using nbtstat to see what's open on that machine, or they're resolving its Windows machine name. There's a .vbs worm about a year old that causes a lot of port 137 connections/lookups, but I'm not sure if it's still as hot now as it was back then. If you see connections to port 139 as well as 137, I'd be a bit more concerned as that would tend to indicate someone is trying to access any open shares on that host. - Tim In previous mail, Arnold, Jamie said:
We've seen a large amount of connection attempts to a specific machine here. We're using FlowData to pull this info. Anyone have any ideas of what this may be? Thanks Jamie000d 128.226.189.170 0022 66.24.217.4 11 89 89 1 78 0
*snip*
Current thread:
- PORT 137 Arnold, Jamie (May 29)
- Re: PORT 137 Alex (May 29)
- Re: PORT 137 Tim Yocum (May 29)