Virus.Org IT Security News and Information Portal. We offer the latest IT security news, updates, product reviews, books, and articles for all you IT security professionals out there. Enter and get the best IT security information on the Internet.

 
. Welcome to the Virus.Org Mailing List Archive  
.
.


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]


Re: Can anyone guess at this "scan"??
.

  • To: [EMAIL PROTECTED]
  • Subject: Re: Can anyone guess at this "scan"??
  • From: Guido Bolognesi <[EMAIL PROTECTED]>
  • Date: Thu, 11 Jan 2001 21:02:08 +0100
  • In-reply-to: <[EMAIL PROTECTED]>
.
 
On Wed, Jan 10, 2001 at 05:20:36PM -0600, Los, Ralph wrote:
> 01/09/2001 04:34:36.928 - 	UDP packet dropped -
> Source:other.net.11.66, 928, WAN - 	Destination:My.sub.net.162, 137, LAN
>
> 	The scans come at a seemingly timed interval, and after speaking
> with one of the network OPS personnel over at the company, it appears to be
> a unconfirmed version of *nix with some sort of mail program running on it.
I would rather guess it is a

10:22am [EMAIL PROTECTED]:~>grep 137 /etc/services
netbios-ns      137/tcp                         # NETBIOS Name Service
netbios-ns      137/udp

Windoze netbios traffic.

So I see 2 options:
- The remote machine is Win-based, and tries to speak with yours
- The remote machine is a unix running a version of samba, and
  behaving accordingly.

HTH, HAND
--
Guido Bolognesi ... [EMAIL PROTECTED]
Responsabile sistemi ambiente Unix . Cable & Wireless DSNet
Unix _is_ user-friendly. Just _very_ selective about his friends.
 
.
.
 
Copyright (c) Virus.Org 1997-2006.
All Trademarks Acknowledged.
Please view our Terms and Conditions and our Privacy Policy.