I have detected a noticeable increase in (blocked) attempts to connect to
TCP port 139 on machines in our network. Look at these numbers (number
of blocked packets per day):

      1 Jun 10
      5 Jun 11
     13 Jun 12
     15 Jun 13
      3 Jun 15
      3 Jun 16
      4 Jun 17
     13 Jun 18
     18 Jun 19
     16 Jun 20
     15 Jun 21
      4 Jun 22
      2 Jun 23
     23 Jun 24
     18 Jun 25
     44 Jun 26
     95 Jun 27
    112 Jun 28
     84 Jun 29
     53 Jun 30
    130 Jul 1
    191 Jul 2
    227 Jul 3
    235 Jul 4
    226 Jul 5
    185 Jul 6
    167 Jul 7
    350 Jul 8
    199 Jul 9

These probes are not (ordinary) scans but isolated attempts by seemingly
random remote IP addresses to open a connection to seemingly random local
IP addresses. In many cases, the destination is an unused address.

This is very suspicious.

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
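The kind of tally described in the post above can be reproduced from firewall drop logs. The following is an added example, not part of the original message: it counts blocked port-139 packets per day and separates sources that sweep many addresses from isolated one-off probes. The log format, the `LIVE_HOSTS` inventory and the `SCAN_MIN_TARGETS` cut-off are assumptions, and the sample lines are constructed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in a made-up "DROP" log format (assumption, not from the post).
SAMPLE_LOG = """\
Jul  8 03:12:44 DROP TCP 203.0.113.7:3155 -> 192.0.2.14:139
Jul  8 03:40:02 DROP TCP 198.51.100.23:1042 -> 192.0.2.200:139
Jul  8 09:15:31 DROP TCP 198.51.100.99:4410 -> 192.0.2.77:139
Jul  8 11:00:00 DROP TCP 203.0.113.50:2001 -> 192.0.2.1:139
Jul  8 11:00:01 DROP TCP 203.0.113.50:2002 -> 192.0.2.2:139
Jul  8 11:00:02 DROP TCP 203.0.113.50:2003 -> 192.0.2.3:139
Jul  8 11:00:03 DROP TCP 203.0.113.50:2004 -> 192.0.2.4:139
Jul  8 12:30:10 DROP TCP 203.0.113.7:3190 -> 192.0.2.14:80
Jul  9 01:05:09 DROP TCP 198.51.100.150:1500 -> 192.0.2.14:139
"""
LIVE_HOSTS = {"192.0.2.1", "192.0.2.14"}  # assumed inventory of addresses in use
SCAN_MIN_TARGETS = 4  # assumed cut-off: this many distinct targets per day = scan

LINE = re.compile(r"^(\w{3})\s+(\d+) \S+ DROP TCP ([\d.]+):\d+ -> ([\d.]+):(\d+)$")

def parse(log, port=139):
    """Yield (day, src, dst) for blocked TCP packets to the given port."""
    for line in log.splitlines():
        m = LINE.match(line)
        if m and int(m.group(5)) == port:
            yield f"{m.group(1)} {int(m.group(2))}", m.group(3), m.group(4)

def summarize(log):
    """Daily totals, plus a split between sweeping sources and isolated probes."""
    events = list(parse(log))
    per_day = Counter(day for day, _, _ in events)
    targets = defaultdict(set)  # (day, src) -> distinct destinations
    for day, src, dst in events:
        targets[(day, src)].add(dst)
    scanners = {k for k, v in targets.items() if len(v) >= SCAN_MIN_TARGETS}
    isolated = [(d, s, t) for d, s, t in events if (d, s) not in scanners]
    unused = sum(1 for _, _, dst in isolated if dst not in LIVE_HOSTS)
    return {"per_day": dict(per_day),
            "scanners": sorted(s for _, s in scanners),
            "isolated": len(isolated),
            "isolated_sources": len({s for _, s, _ in isolated}),
            "isolated_to_unused": unused}

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A high ratio of `isolated_sources` to `isolated`, together with a large `isolated_to_unused` share, matches the pattern reported above: many unrelated sources each touching one address, often one that hosts nothing.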
This archive was generated by hypermail 2b30 : Tue Jul 09 2002 - 13:30:32 PDT