Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Unusual volume: UDP:137 probes

From: Emeric Miszti <emeric () uksecurityonline com>
Date: Mon, 30 Sep 2002 16:54:59 +0100
On Monday 30 Sep 2002 9:33 am, Mark Forsyth wrote:

On Monday, September 30, 2002 9:02 AM, John Sage 
[SMTP:jsage () finchhaven com] wrote:

This has received some mention on the UNISOG list and elsewhere, but
not here.

Some people have been seeing unusually high volumes of UDP:137 probes
since about 09/27/02 late, or early 09/28/02.


A few people (who log sych things) on the Optus cable network in Australia 
have been seeing it too.
In my case since Sep 20 it's gone ...
Sep 20  2 hits
Sep 21, 22, 23 0 hits
Sep 24 3 hits
Sep 25 0 hits
Sep 26 4 hits
Sep 27 2 hits
Sep 28 156 hits Starting at 02:20 (Aust. EST)
Sep 29 410 hits
Sep 30 406 hits up until 18:24



Been seeing exactly the same spike with same patterns. Up from 40 odd scans on 
28/9/2002 to 495 already today.

Incidents.org have picked this up at the Internet Storm Center

http://isc.incidents.org/port_details.html?port=137

No explanations or reasons been given by anyone yet.

-- 
Emeric Miszti
UK Security Online
http://www.uksecurityonline.com

Tel No: 0870 088 5689
Fax No: 0870 706 2162

PGP Public Key available at 
http://www.uksecurityonline.com/emeric.asc


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
Previous By Date Next
Previous By Thread Next

Current thread: