>NetBIOS over TCP traditionally uses the following ports: > >nbname 137/UDP >nbname 137/TCP >nbdatagram 138/UDP >nbsession 139/TCP > >Direct hosted "NetBIOS-less" SMB traffic uses the following port: > >MICROSOFT-DS 445/TCP >MICROSOFT-DS 445/UDP > >Looks like you're being scanned for open shares (the usual), but the >scanner/worm/potential intruder now knows about "NeBIOS-less" SMB traffic >port too. > >This could be a DoS Attack on port 445 too, see >http://www.vnunet.com/News/1131065 >but i doubt that since you said It was followed by nbname lookup, so It's >probably looking for openshares. And, if I remember correctly, port 445 is specifically related to Win2k and XP. Brian Collins Systems Administrator Newnan Utilities ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Jun 04 2002 - 10:42:48 PDT