Security Incidents mailing list archives
Re: Can anyone guess at this "scan"??
From: Guido Bolognesi <guido () DSNET IT>
Date: Thu, 11 Jan 2001 10:33:39 +0100
On Wed, Jan 10, 2001 at 05:20:36PM -0600, Los, Ralph wrote:
01/09/2001 04:34:36.928 - UDP packet dropped - Source:other.net.11.66, 928, WAN - Destination:My.sub.net.162, 137, LAN The scans come at a seemingly timed interval, and after speaking with one of the network OPS personnel over at the company, it appears to be a unconfirmed version of *nix with some sort of mail program running on it.
I would rather guess it is a 10:22am guido@inferno:~>grep 137 /etc/services netbios-ns 137/tcp # NETBIOS Name Service netbios-ns 137/udp Windoze netbios traffic. So I see 2 options: - The remote machine is Win-based, and tries to speak with yours - The remote machine is a unix running a version of samba, and behaving accordingly. HTH, HAND -- Guido Bolognesi ... guido () dsnet it Responsabile sistemi ambiente Unix . Cable & Wireless DSNet Unix _is_ user-friendly. Just _very_ selective about his friends.
Current thread:
- Can anyone guess at this "scan"?? Los, Ralph (Jan 10)
- Re: Can anyone guess at this "scan"?? Anders Thulin (Jan 11)
- Re: Can anyone guess at this "scan"?? Guido Bolognesi (Jan 11)
- <Possible follow-ups>
- Re: Can anyone guess at this "scan"?? Howard, Aaron (Jan 11)
- Re: Can anyone guess at this "scan"?? Los, Ralph (Jan 11)
- Re: Can anyone guess at this "scan"?? Duquette, John (Jan 11)
- Re: Can anyone guess at this "scan"?? Sarah Cleveland (Jan 11)