Jamie, Port 137 is part of Windows' NetBIOS service, used by Windows machines to resolve WINS names and such. Those entries probably are there because folks are using nbtstat to see what's open on that machine, or they're resolving its Windows machine name. There's a .vbs worm about a year old that causes a lot of port 137 connections/lookups, but I'm not sure if it's still as hot now as it was back then. If you see connections to port 139 as well as 137, I'd be a bit more concerned as that would tend to indicate someone is trying to access any open shares on that host. - Tim In previous mail, Arnold, Jamie said: > > > We've seen a large amount of connection attempts to a specific machine here. > We're using FlowData to pull this info. Anyone have any ideas of what this > may be? > > Thanks > > Jamie > > > > 000d 128.226.189.170 0022 66.24.217.4 11 89 89 1 > > 78 > > > > 0 *snip*
This archive was generated by hypermail 2b30 : Tue May 29 2001 - 21:40:08 PDT