Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Unusual volume: UDP:137 probes

From: Hugo van der Kooij <hvdkooij () vanderkooij org>
Date: Tue, 1 Oct 2002 00:17:39 +0200 (CEST)
On Sun, 29 Sep 2002, John Sage wrote:


This has received some mention on the UNISOG list and elsewhere, but
not here.

Some people have been seeing unusually high volumes of UDP:137 probes
since about 09/27/02 late, or early 09/28/02.

I've seen over 220 since early Saturday morning, PDT, on my dialup.


I can confirm I have a significant increase in these one hit entries in my 
logging. (See also: http://hvdkooij.xs4all.nl/fwlog/)

Is aanyone aware of the reason for this behaviour?

Hugo.

PS: I would appriciate it if people did not send large list in their
messages. Put the list on some site if people want to dig into them they
can find it their and just put a small portion in your message.

-- 
 All email sent to me is bound to the rules described on my homepage.
    hvdkooij () vanderkooij org         http://hvdkooij.xs4all.nl/
            Don't meddle in the affairs of sysadmins,
            for they are subtle and quick to anger.


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Previous By Date Next
Previous By Thread Next

Current thread: