This is likely NetBIOS Port Probe. They started up in mid August. They were a pain last August and September. I see them from the Road Runner network. RR has not yet admitted that there is a problem. Most firewalls will probably keep they out. They are really only a problem to Windows OS machines with sharing open. John Campbell wrote: > > In the last week, I've started seeing one to several port sweeps per day on > port 139, of a particular nature. Typically the sweep will hit .1 to .255 > of a 24 bit net mask sized address block (generally called, "Class C" > although this can be erroneous) four times. Have found nothing written on > any new worms targetting this port. Source machines are largely North > American. Anyone heard or have ideas about what's going on? My perimeter > firewall's rejecting this traffic, so I get a log entry but no packet detail > (yet.) > > John Campbell, Information Security Engineer > Washington School Information Processing Cooperative > (WSIPC) > E-mail: jcampbellat_private > > > > > > > > ---------------------------------------------------------------------------- > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Sep 07 2001 - 14:43:19 PDT