Security Incidents mailing list archives
RE: Increasing Port 137 Scan rate
From: "Jonathan A. Zdziarski" <jonathan () cafejesus com>
Date: Thu, 2 Aug 2001 14:44:48 -0400
Here's where I'm at with the whole netbios thing. I called one ISP in canada to inquire as to why I was seeing a bunch of these from their network. They told me that netbios name queries occur when some winders based browsers hit a website, to determine if a particular name is in use before the client uses it (?) . I had never heard this happening before, it was suggested to me that US networks may be filtering netbios out, and so if all this is true, I am receiving them all from outside of the US most likely due to the increased amount of web traffic on the 'net lately. Haven't got a single one from inside the US consequently, but I may just be lucky. -----Original Message----- From: Xno Xutz [mailto:xnoxutz () yahoo com] Sent: Thursday, August 02, 2001 8:55 AM To: incidents () securityfocus com Subject: Increasing Port 137 Scan rate Hi All, in the last two weeks I have received an increasing amout of scans to port 137:UDP (netbios name query). Is anybody aware of any reason that would explain this? Regards, Xno __________________________________________________ Do You Yahoo!? Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Increasing Port 137 Scan rate Xno Xutz (Aug 02)
- RE: Increasing Port 137 Scan rate Jonathan A. Zdziarski (Aug 02)