Possible probe of port 137 using udp 50?????

From: Carder James O CNIN CONT (CarderJOat_private)
Date: Mon Aug 13 2001 - 06:10:04 PDT

  • Next message: martin.goudreaultat_private: "Re: Winnt/Win2k Vuln ?"

    Hi Everybody,
    
    	Just got a quick question.  I was reviewing logs on my shadow box
    and noticed that for a period of a couple hours we had packet conversation
    between two hosts ( one local and one remote ) through port 137 using udp
    50.  My PIX acl's dont have any ruleset to allow this network in at all
    except through say port 80 to our web servers.  Is this a known attack or
    probe?  Thanks.
    
    James Carder
    



    This archive was generated by hypermail 2b30 : Mon Aug 13 2001 - 08:49:38 PDT