RE: Unusual volume: UDP:137 probes

From: Joseph R. Gruber (jgruberat_private)
Date: Mon Sep 30 2002 - 14:37:47 PDT


    While I am only looking at my home network (tampabay.rr.com) here is a
    list of port 137 probes:
    
    Sep 30 (Today up till 5:30PM): 201
    Sep 29: 89
    Sep 28: 98
    Sep 27: 11
    
    Very strange how it's picking up more & more each day
    
    -----Original Message-----
    From: Scott McGee [mailto:scottmcgeeat_private] 
    Sent: Monday, September 30, 2002 12:43 PM
    To: incidentsat_private
    Subject: Re: Unusual volume: UDP:137 probes
    
    Seeing the same thing here on Adelphia.net cable modem network:
    
    Sep 18 - 2
    Sep 19 - 0
    Sep 20 - 0
    Sep 21 - 0
    Sep 22 - 0
    Sep 23 - 1
    Sep 24 - 0
    Sep 25 - 1
    Sep 26 - 2
    Sep 27 - 19
    Sep 28 - 95
    Sep 29 - 146
    Sep 30 - 68 up to 9:33 AM PST
    
    Scott
    
    ----- Original Message -----
    From: "Mark Forsyth" <forsythmat_private>
    Sent: Monday, September 30, 2002 1:33 AM
    Subject: RE: Unusual volume: UDP:137 probes
    
    
    |
    | On Monday, September 30, 2002 9:02 AM, John Sage
    | [SMTP:jsageat_private] wrote:
    
    | > Some people have been seeing unusually high volumes of UDP:137 probes
    | > since about 09/27/02 late, or early 09/28/02.
    |
    | A few people (who log such things) on the Optus cable network in Australia
    | have been seeing it too.
    | In my case since Sep 20 it's gone ...
    | Sep 20  2 hits
    | Sep 21, 22, 23 0 hits
    | Sep 24 3 hits
    | Sep 25 0 hits
    | Sep 26 4 hits
    | Sep 27 2 hits
    | Sep 28 156 hits Starting at 02:20 (Aust. EST)
    | Sep 29 410 hits
    | Sep 30 406 hits up until 18:24
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    
    
    
    
    



    This archive was generated by hypermail 2b30 : Mon Sep 30 2002 - 19:02:57 PDT