Security Incidents mailing list archives

Re: Can anyone guess at this "scan"??

From: Guido Bolognesi <guido () DSNET IT>
Date: Thu, 11 Jan 2001 10:33:39 +0100

On Wed, Jan 10, 2001 at 05:20:36PM -0600, Los, Ralph wrote:

01/09/2001 04:34:36.928 -     UDP packet dropped -
Source:other.net.11.66, 928, WAN -    Destination:My.sub.net.162, 137, LAN

      The scans come at a seemingly timed interval, and after speaking
with one of the network OPS personnel over at the company, it appears to be
a unconfirmed version of *nix with some sort of mail program running on it.

I would rather guess it is a

10:22am guido@inferno:~>grep 137 /etc/services
netbios-ns      137/tcp                         # NETBIOS Name Service
netbios-ns      137/udp

Windoze netbios traffic.

So I see 2 options:
- The remote machine is Win-based, and tries to speak with yours
- The remote machine is a unix running a version of samba, and
  behaving accordingly.

HTH, HAND
--
Guido Bolognesi ... guido () dsnet it
Responsabile sistemi ambiente Unix . Cable & Wireless DSNet
Unix _is_ user-friendly. Just _very_ selective about his friends.

Current thread:

Can anyone guess at this "scan"?? Los, Ralph (Jan 10)
- Re: Can anyone guess at this "scan"?? Anders Thulin (Jan 11)
- Re: Can anyone guess at this "scan"?? Guido Bolognesi (Jan 11)
- <Possible follow-ups>
- Re: Can anyone guess at this "scan"?? Howard, Aaron (Jan 11)
- Re: Can anyone guess at this "scan"?? Los, Ralph (Jan 11)
- Re: Can anyone guess at this "scan"?? Duquette, John (Jan 11)
- Re: Can anyone guess at this "scan"?? Sarah Cleveland (Jan 11)