Security Incidents mailing list archives
Re: Unusual volume: UDP:137 probes
From: Emeric Miszti <emeric () uksecurityonline com>
Date: Mon, 30 Sep 2002 16:54:59 +0100
On Monday 30 Sep 2002 9:33 am, Mark Forsyth wrote:
> On Monday, September 30, 2002 9:02 AM, John Sage [SMTP:jsage () finchhaven com] wrote:
>
> > This has received some mention on the UNISOG list and elsewhere, but not here. Some people have been seeing unusually high volumes of UDP:137 probes since about 09/27/02 late, or early 09/28/02.
>
> A few people (who log such things) on the Optus cable network in Australia have been seeing it too. In my case since Sep 20 it's gone ...
>
> Sep 20 2 hits
> Sep 21, 22, 23 0 hits
> Sep 24 3 hits
> Sep 25 0 hits
> Sep 26 4 hits
> Sep 27 2 hits
> Sep 28 156 hits Starting at 02:20 (Aust. EST)
> Sep 29 410 hits
> Sep 30 406 hits up until 18:24

Been seeing exactly the same spike with same patterns. Up from 40 odd scans on 28/9/2002 to 495 already today.

Incidents.org have picked this up at the Internet Storm Center
http://isc.incidents.org/port_details.html?port=137

No explanations or reasons been given by anyone yet.

--
Emeric Miszti
UK Security Online
http://www.uksecurityonline.com
Tel No: 0870 088 5689
Fax No: 0870 706 2162
PGP Public Key available at http://www.uksecurityonline.com/emeric.asc

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com