Since my last message, number of port 139 scan continue to increse from all over the places (but mostly from @Home .24 network) As of 3:30EST, there are already 89 scans (from 19 scans @ 02:30). This is very unusal, since there are only a few scan on 139 before and all of the sudden there is a big jump. Is anyone seeing the same thing on their network? \|/ _____ \|/ *************************************************** "@'/ , . \`@" This e-mail is send with 100% recyclable electrons. /_| \___/ |__\ *************************************************** \___U_/ Derekat_private ---------- Forwarded message ---------- Date: Mon, 13 Aug 2001 02:40:25 -0400 (EDT) From: Derek Kwan <dkwanat_private> To: Incidentsat_private Subject: Do you know any Day 0 hacks use port 139? Hello World, In the past few days I have seen increase port 139 scans in the FW log. Does anyone aware if there is a new hack or just the plain old poking around "windows file sharing" service? Before Aug 7: almost 0 port 139 scan detected (well, sometimes maybe 1 or 2 a day) Aug 7: 7 Aug 8: 7 Aug 9: 4 Aug 10: 60 Aug 11: 87 Aug 12: 86 Aug 13 (from 00:00 - 02:30): 19 \|/ _____ \|/ *************************************************** "@'/ , . \`@" This e-mail is send with 100% recyclable electrons. /_| \___/ |__\ *************************************************** \___U_/ Derekat_private ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Aug 13 2001 - 13:03:25 PDT