Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

SV: Unusual volume: UDP:137 probes

From: "Peter Kruse" <kruse () railroad dk>
Date: Tue, 1 Oct 2002 08:35:20 +0200
Hi,

I have also registered aggressive probes on port 137 as well. The
increased trafic might be due to the fact that there is a new Internet
worm called W32.Opaserv.Worm (Symantec) in the wild. The worm is
searching for network shares. Symantec has raised the risk level to 3
(Medium). For analysis of the worm see:
http://www.symantec.com/avcenter/venc/data/w32.opaserv.worm.html

Med venlig hilsen // Kind regards

Peter Kruse
Security- and Virusanalyst
Telia @ Security
http://www.teliainternet.dk
Member of AVIEN and FIRST

"Acknowledgment of the unknown is 
the introduction to enlightenment."



-----Oprindelig meddelelse-----
Fra: hugo () vanderkooij org [mailto:hugo () vanderkooij org] På 
vegne af Hugo van der Kooij
Sendt: 1. oktober 2002 00:18
Til: Incidents Mailing List
Emne: Re: Unusual volume: UDP:137 probes


On Sun, 29 Sep 2002, John Sage wrote:


This has received some mention on the UNISOG list and 

elsewhere, but 

not here.

Some people have been seeing unusually high volumes of 

UDP:137 probes 

since about 09/27/02 late, or early 09/28/02.

I've seen over 220 since early Saturday morning, PDT, on my dialup.


I can confirm I have a significant increase in these one hit 
entries in my 
logging. (See also: http://hvdkooij.xs4all.nl/fwlog/)

Is aanyone aware of the reason for this behaviour?



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
Previous By Date Next
Previous By Thread Next

Current thread: