I too have seen port 139 attempts. Here is the packet data: CID:2339 [**] LOCAL/NETBIOS TCP attempt [**] 2001-09-07 13:03:31 64.167.140.172:3897 -> 64.x.x.x:139 TCP TTL:116 TOS:0x0 ID:65402 IPLen: DgmLen:48 HLen:5 CSumIP:0x588F ******S* Seq:0xAD5B1A5 Ack:0x0 Win:0x2000 CSumTCP:0xE814 TCP Options (4) => MSS:05C2 NO-OP NO-OP SACKOK All of the attempts have come from ip's starting with 64.x.x.x. Most interestingly, all (277 attempts from 35 hosts since 9/3)except one have come from pacbell DSL subscribers. Any ideas? Kevin Holmquist ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sat Sep 08 2001 - 12:32:29 PDT