Security Incidents mailing list archives

FYI: Slow port 137 scanning in reverse IP# order


From: Bryan Andersen <bryan () visi com>
Date: Sun, 26 Nov 2000 22:50:37 -0600

For Your Information

Slow port 137 scanning in reverse IP# order.

This is a new scan signature I haven't seen before.

Times are referenced to US/Central, GMT-600.

Nov 26 18:10:27 gateway kernel: Packet log: input DENY eth0 PROTO=17
src:137 dst.19:137 L=78 S=0x00 I=21574 F=0x0000 T=113
Nov 26 18:10:29 gateway kernel: Packet log: input DENY eth0 PROTO=17
src:137 dst.19:137 L=78 S=0x00 I=21830 F=0x0000 T=113
Nov 26 18:10:30 gateway kernel: Packet log: input DENY eth0 PROTO=17
src:137 dst.19:137 L=78 S=0x00 I=22086 F=0x0000 T=113
Nov 26 18:12:54 gateway kernel: Packet log: input DENY eth0 PROTO=17
src:137 dst.17:137 L=78 S=0x00 I=46662 F=0x0000 T=113
Nov 26 18:12:56 gateway kernel: Packet log: input DENY eth0 PROTO=17
src:137 dst.17:137 L=78 S=0x00 I=46918 F=0x0000 T=113
Nov 26 18:12:57 gateway kernel: Packet log: input DENY eth0 PROTO=17
src:137 dst.17:137 L=78 S=0x00 I=47174 F=0x0000 T=113
Nov 26 18:15:19 gateway kernel: Packet log: input DENY eth0 PROTO=17
src:137 dst.16:137 L=78 S=0x00 I=5703 F=0x0000 T=113
Nov 26 18:15:20 gateway kernel: Packet log: input DENY eth0 PROTO=17
src:137 dst.16:137 L=78 S=0x00 I=5959 F=0x0000 T=113
Nov 26 18:15:22 gateway kernel: Packet log: input DENY eth0 PROTO=17
src:137 dst.16:137 L=78 S=0x00 I=6215 F=0x0000 T=113

--
|  Bryan Andersen   |   bryan () visi com   |   http://softail.visi.com   |
| Buzzwords are like annoying little flies that deserve to be swatted. |
|   -Bryan Andersen                                                    |
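
An added detection example, not part of the original post: it parses ipchains-style "Packet log" lines and flags any source that probes UDP port 137 on successively lower addresses with long pauses between targets, the pattern reported above. The full dotted addresses in the sample are constructed (the post's own are sanitized), and the function names and the `min_targets` / `min_gap` thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in ipchains "Packet log" layout. Addresses are
# documentation-range placeholders; timings mirror the post's pattern.
SAMPLE = """\
Nov 26 18:10:27 gateway kernel: Packet log: input DENY eth0 PROTO=17 198.51.100.7:137 192.0.2.19:137 L=78 S=0x00 I=21574 F=0x0000 T=113
Nov 26 18:10:29 gateway kernel: Packet log: input DENY eth0 PROTO=17 198.51.100.7:137 192.0.2.19:137 L=78 S=0x00 I=21830 F=0x0000 T=113
Nov 26 18:11:00 gateway kernel: Packet log: input DENY eth0 PROTO=17 203.0.113.5:137 192.0.2.16:137 L=78 S=0x00 I=100 F=0x0000 T=120
Nov 26 18:11:01 gateway kernel: Packet log: input DENY eth0 PROTO=17 203.0.113.5:137 192.0.2.17:137 L=78 S=0x00 I=101 F=0x0000 T=120
Nov 26 18:12:54 gateway kernel: Packet log: input DENY eth0 PROTO=17 198.51.100.7:137 192.0.2.17:137 L=78 S=0x00 I=46662 F=0x0000 T=113
Nov 26 18:12:56 gateway kernel: Packet log: input DENY eth0 PROTO=17 198.51.100.7:137 192.0.2.17:137 L=78 S=0x00 I=46918 F=0x0000 T=113
Nov 26 18:15:19 gateway kernel: Packet log: input DENY eth0 PROTO=17 198.51.100.7:137 192.0.2.16:137 L=78 S=0x00 I=5703 F=0x0000 T=113
Nov 26 18:15:20 gateway kernel: Packet log: input DENY eth0 PROTO=17 198.51.100.7:137 192.0.2.16:137 L=78 S=0x00 I=5959 F=0x0000 T=113
"""

LINE = re.compile(
    r"^(\w{3} +\d+ [\d:]{8}) \S+ kernel: Packet log: input DENY \S+ PROTO=17 "
    r"(\d+\.\d+\.\d+\.\d+):(\d+) (\d+\.\d+\.\d+\.\d+):(\d+) ")

def ip_to_int(ip):
    a, b, c, d = (int(x) for x in ip.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

def parse(log, port=137):
    """Yield (time, src, dst) for denied UDP packets aimed at `port`."""
    for line in log.splitlines():
        m = LINE.match(line)
        if m and int(m.group(5)) == port:
            # syslog omits the year; only time differences matter here
            ts = datetime.strptime(m.group(1), "%b %d %H:%M:%S")
            yield ts, m.group(2), m.group(4)

def reverse_sweeps(log, min_targets=3, min_gap=60):
    """Return {src: [dst, ...]} for sources walking addresses downward slowly."""
    first_seen = defaultdict(dict)            # src -> {dst: first timestamp}
    for ts, src, dst in parse(log):
        first_seen[src].setdefault(dst, ts)   # retries to one target collapse
    hits = {}
    for src, seen in first_seen.items():
        order = sorted(seen, key=seen.get)    # targets in order first probed
        nums = [ip_to_int(d) for d in order]
        gaps = [(seen[b] - seen[a]).total_seconds() for a, b in zip(order, order[1:])]
        descending = all(a > b for a, b in zip(nums, nums[1:]))
        if len(order) >= min_targets and descending and all(g >= min_gap for g in gaps):
            hits[src] = order
    return hits
```

Because each target's retries arrive within seconds but the targets themselves are minutes apart, a rate-based scan threshold would miss this source; grouping by first-seen time per destination is what exposes the ordering.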

