Here's where I'm at with the whole netbios thing. I called one ISP in canada to inquire as to why I was seeing a bunch of these from their network. They told me that netbios name queries occur when some winders based browsers hit a website, to determine if a particular name is in use before the client uses it (?) . I had never heard this happening before, it was suggested to me that US networks may be filtering netbios out, and so if all this is true, I am receiving them all from outside of the US most likely due to the increased amount of web traffic on the 'net lately. Haven't got a single one from inside the US consequently, but I may just be lucky. -----Original Message----- From: Xno Xutz [mailto:xnoxutzat_private] Sent: Thursday, August 02, 2001 8:55 AM To: incidentsat_private Subject: Increasing Port 137 Scan rate Hi All, in the last two weeks I have received an increasing amout of scans to port 137:UDP (netbios name query). Is anybody aware of any reason that would explain this? Regards, Xno __________________________________________________ Do You Yahoo!? Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Aug 02 2001 - 13:15:41 PDT