Hi, I have also registered aggressive probes on port 137 as well. The increased trafic might be due to the fact that there is a new Internet worm called W32.Opaserv.Worm (Symantec) in the wild. The worm is searching for network shares. Symantec has raised the risk level to 3 (Medium). For analysis of the worm see: http://www.symantec.com/avcenter/venc/data/w32.opaserv.worm.html Med venlig hilsen // Kind regards Peter Kruse Security- and Virusanalyst Telia @ Security http://www.teliainternet.dk Member of AVIEN and FIRST "Acknowledgment of the unknown is the introduction to enlightenment." > -----Oprindelig meddelelse----- > Fra: hugoat_private [mailto:hugoat_private] På > vegne af Hugo van der Kooij > Sendt: 1. oktober 2002 00:18 > Til: Incidents Mailing List > Emne: Re: Unusual volume: UDP:137 probes > > > On Sun, 29 Sep 2002, John Sage wrote: > > > This has received some mention on the UNISOG list and > elsewhere, but > > not here. > > > > Some people have been seeing unusually high volumes of > UDP:137 probes > > since about 09/27/02 late, or early 09/28/02. > > > > I've seen over 220 since early Saturday morning, PDT, on my dialup. > > I can confirm I have a significant increase in these one hit > entries in my > logging. (See also: http://hvdkooij.xs4all.nl/fwlog/) > > Is aanyone aware of the reason for this behaviour? ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Oct 01 2002 - 21:19:10 PDT