RE: Increasing Port 137 Scan rate

["Jonathan A. Zdziarski" <jonathan () cafejesus com>]

Here's where I'm at with the whole netbios thing.  I called one ISP in
canada to inquire as to why I was seeing a bunch of these from their
network.  They told me that netbios name queries occur when some winders
based browsers hit a website, to determine if a particular name is in use
before the client uses it (?) .  I had never heard this happening before, it
was suggested to me that US networks may be filtering netbios out, and so if
all this is true, I am receiving them all from outside of the US most likely
due to the increased amount of web traffic on the 'net lately.

Haven't got a single one from inside the US consequently, but I may just be
lucky.


-----Original Message-----
From: Xno Xutz [mailto:xnoxutz () yahoo com]
Sent: Thursday, August 02, 2001 8:55 AM
To: incidents () securityfocus com
Subject: Increasing Port 137 Scan rate


Hi All,

in the last two weeks I have received an increasing
amout of scans to port 137:UDP (netbios name query).
Is anybody aware of any reason that would explain
this?

Regards,
Xno

__________________________________________________
Do You Yahoo!?
Make international calls for as low as $.04/minute with Yahoo! Messenger
http://phonecard.yahoo.com/

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com





----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com