Re: Connection to port 137

[Lance Spitzner <lance () SPITZNER NET>]

On Fri, 24 Nov 2000, Darryl Luff wrote:

> We had 600 of these scans in the first two weeks of November. I haven't
> counted them up lately but they seem to be increasing every day. If you
> check the source address (net view \\ip.address), I think you'll find a
> windows machine with a writeable share published to the internet. The ones
> I've looked at have been infected with one of the automated worms currently
> doing the rounds. These things are a bit of a worry, just from the amount of
> traffic they cause. Every infected machine starts automatically scanning
> random IP's looking for new victims, and infecting the ones it finds, so the
> traffic increases daily.
>
> There was a link to a good writeup on these worms published recently either
> here or on the firewalls list, but I've lost the URL.

Know Your Enemy: Worms at War
http://www.enteract.com/~lspitz/worm.html

lance