Fwd: [suse-security] Port 13139 - attack?

[JW <jw () centraltexasit com>]

Forwarded from the SuSE-sec list -- I hope that's ok. If not, sorry.


> I am getting a whole series of probes on port 13139 all of a sudden in my firewall log. 
> This started out of the blue about 6 days ago.  There will be a string of them coming from
> a multitude of different IP addresses within a matter of seconds (I would imagine spoofing
> of the IPs from nmap or a similar tool).
>
> Of course the SuSE firewall2 is dropping all of them, but they continue.
>
> Has anyone else seen this happen recently.  Is there a new attack of some sort which is
> directed to port 13139?  I have never noticed this specific port before with so many hits
> and now it is starting to rival the old nimba entries in my logs.
>
> Thanks,
>
> Jim

He mentioned in another post later that it's UDP.



----------------------------------------------------

Jonathan Wilson
System Administrator

Cedar Creek Software     http://www.cedarcreeksoftware.com


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com