Netbios Name Scans/opaserv worm

From: rocky_scottiat_private
Date: Thu Feb 06 2003 - 09:49:07 PST

Next message: james: "Re: email address probes"

Previous message: Axel Beckert - ecos gmbh: "Re: email address probes"
Next in thread: H C: "Re: Netbios Name Scans/opaserv worm"
Reply: H C: "Re: Netbios Name Scans/opaserv worm"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Recently I have seen an increase in the amount of netbios name scans from
internal hosts to what appears to be random public and/or private
addresses. In one case we found the w32.opaserv.worm and cleaned, but the
scans continued. In other cases antivirus software found nothing. My
question to the group is:

Is there any legitimate reason for these types of random netbios name
scans, or any netbios name scan for that matter? Also, does anyone know if
there is any way to remotely detect this worm on a machine without running
a local virus scan?

Thanks and Regards
Rocky Scotti
Sr. Network Engineer
Dole Food Company, Inc.



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: james: "Re: email address probes"
Previous message: Axel Beckert - ecos gmbh: "Re: email address probes"
Next in thread: H C: "Re: Netbios Name Scans/opaserv worm"
Reply: H C: "Re: Netbios Name Scans/opaserv worm"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Feb 06 2003 - 13:44:19 PST