Do you know any Day 0 hacks use port 139? (fwd)

From: Derek Kwan (dkwanat_private)
Date: Mon Aug 13 2001 - 12:27:09 PDT


    Since my last message, the number of port 139 scans continues to increase from
    all over the place (but mostly from the @Home .24 network).
    
    As of 3:30EST, there are already 89 scans (from 19 scans @ 02:30).
    
    This is very unusual, since there were only a few scans on 139 before and all
    of a sudden there is a big jump.
    
    Is anyone seeing the same thing on their network?
    
     \|/ _____ \|/    ***************************************************
     "@'/ , . \`@"    This e-mail is sent with 100% recyclable electrons.
     /_| \___/ |__\   ***************************************************
        \___U_/       Derekat_private
    
    
    ---------- Forwarded message ----------
    Date: Mon, 13 Aug 2001 02:40:25 -0400 (EDT)
    From: Derek Kwan <dkwanat_private>
    To: Incidentsat_private
    Subject: Do you know any Day 0 hacks use port 139?
    
    
    Hello World,
    
     In the past few days I have seen increased port 139 scans in the FW log.
    Is anyone aware if there is a new hack or just the plain old poking
    around "windows file sharing" service?
    
    Before Aug 7: almost 0 port 139 scans detected (well, sometimes maybe 1 or
    2 a day)
    Aug 7: 7
    Aug 8: 7
    Aug 9: 4
    Aug 10: 60
    Aug 11: 87
    Aug 12: 86
    Aug 13 (from 00:00 - 02:30): 19
    
     \|/ _____ \|/    ***************************************************
     "@'/ , . \`@"    This e-mail is sent with 100% recyclable electrons.
     /_| \___/ |__\   ***************************************************
        \___U_/       Derekat_private
    
    
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
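
An added example, not part of the original messages: the daily port 139 counts reported above, normalized to scans per hour so the two partial-day readings for Aug 13 can be compared against full days and against the quiet Aug 7-9 baseline. The function names, the threshold of 5x, and the reading of "3:30EST" as 15:30 are assumptions.

```python
from statistics import median

# Counts taken from the forwarded message: (label, scans, hours observed).
SAMPLES = [
    ("Aug 7", 7, 24.0), ("Aug 8", 7, 24.0), ("Aug 9", 4, 24.0),
    ("Aug 10", 60, 24.0), ("Aug 11", 87, 24.0), ("Aug 12", 86, 24.0),
    # Partial days: 00:00-02:30 is stated in the message; the second
    # reading assumes "3:30EST" means 15:30 (assumption).
    ("Aug 13 @02:30", 19, 2.5), ("Aug 13 @15:30", 89, 15.5),
]
QUIET_DAYS = 3  # Aug 7-9 serve as the frozen pre-spike baseline


def hourly_rate(scans, hours):
    """Scans per hour, so partial and full days share one scale."""
    return scans / hours


def ratios_to_baseline(samples, quiet=QUIET_DAYS):
    """Return (label, rate / baseline) for every sample after the quiet days.

    The baseline is the median hourly rate of the first `quiet` samples and
    is never updated, so the spike itself cannot inflate it.
    """
    baseline = median(hourly_rate(s, h) for _, s, h in samples[:quiet])
    return [(label, hourly_rate(s, h) / baseline)
            for label, s, h in samples[quiet:]]


def flagged(samples, factor=5.0):
    """Labels of samples running above `factor` times the quiet baseline."""
    return [label for label, r in ratios_to_baseline(samples) if r > factor]


def projected_daily(scans, hours):
    """Full-day count if the partial-day rate held for 24 hours."""
    return round(hourly_rate(scans, hours) * 24)


if __name__ == "__main__":
    for label, ratio in ratios_to_baseline(SAMPLES):
        print(f"{label:15s} {ratio:5.1f}x baseline")
    print("Aug 13 projection:", projected_daily(89, 15.5), "scans/day")
```

A short early-morning window such as 00:00-02:30 can overstate or understate the daily pace if scanning is not uniform across the day, so the later reading is the more reliable projection.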
    



    This archive was generated by hypermail 2b30 : Mon Aug 13 2001 - 13:03:25 PDT