
 

Welcome to the Virus.Org Mailing List Archive




Re: Can anyone guess at this "scan"??

  • To: [EMAIL PROTECTED]
  • Subject: Re: Can anyone guess at this "scan"??
  • From: Daniel Martin <[EMAIL PROTECTED]>
  • Date: Fri, 12 Jan 2001 21:05:40 +0100
  • In-reply-to: <[EMAIL PROTECTED]>
 
For what it's worth, I used to receive fairly regular UDP high port ->
port 137 packets from @home's web proxy servers to my cable box.  In
that case, what was going on (as far as I was ever able to determine)
was that the log program @home was using was trying to resolve my
computer's IP address into a computer name.  Why it didn't just use my
computer's DNS name (considering that @home's log-analysis programs
should be able to reach @home's DNS servers) is beyond me.  I find
this especially odd behavior since everything else indicated that the
web proxies were Unix boxes; maybe the log analysis program itself
knows about resolving names via Windows networking.  (Or is there some
weird Samba hook into the standard name-resolution scheme?)

I stopped logging port 137 UDP a while ago, so I don't know if this is
still occurring.
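
An added example, not part of the original message: a Python sketch that classifies a UDP/137 payload, so a packet log can separate NetBIOS node status queries (the request sent to a single IP address to learn its NetBIOS names, RFC 1002) from ordinary name queries. The function names and the two sample packets are constructed for illustration.

```python
import struct

NB, NBSTAT, IN = 0x0020, 0x0021, 0x0001  # question types and class (RFC 1002)

def encode_nb_name(raw16: bytes) -> bytes:
    """First-level encoding: each nibble becomes a letter 'A'..'P'."""
    return bytes(b for c in raw16 for b in (0x41 + (c >> 4), 0x41 + (c & 0x0F)))

def decode_nb_name(label: bytes) -> bytes:
    """Inverse of encode_nb_name; rejects anything that is not 32 x 'A'..'P'."""
    if len(label) != 32 or any(not 0x41 <= c <= 0x50 for c in label):
        raise ValueError("bad encoded name")
    return bytes(((label[i] - 0x41) << 4) | (label[i + 1] - 0x41)
                 for i in range(0, 32, 2))

def classify_udp137(payload: bytes):
    """Return (kind, name) for a UDP/137 payload; name is None if unparsed."""
    if len(payload) < 12:
        return ("malformed", None)
    _txid, flags, qdcount = struct.unpack_from("!HHH", payload, 0)
    if flags & 0x8000:                      # R bit set: a response, not a query
        return ("response", None)
    if qdcount != 1 or len(payload) < 13 or payload[12] != 32:
        return ("malformed", None)
    try:
        raw = decode_nb_name(payload[13:45])
    except ValueError:
        return ("malformed", None)
    pos = 45
    while pos < len(payload) and payload[pos]:   # skip optional scope labels
        pos += 1 + payload[pos]
    if pos + 5 > len(payload):
        return ("malformed", None)
    qtype, qclass = struct.unpack_from("!HH", payload, pos + 1)
    name = raw[:15].rstrip(b" \x00").decode("ascii", "replace")
    if qclass != IN:
        return ("malformed", name)
    if qtype == NBSTAT:                     # "what are your names?" sent to one IP
        return ("nbstat-wildcard" if name == "*" else "nbstat-named", name)
    return ("name-query" if qtype == NB else "other", name)

def build_query(raw16: bytes, qtype: int, flags: int = 0) -> bytes:
    """Construct a sample question packet (test data, not captured traffic)."""
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, 0, 0, 0)
    return header + b"\x20" + encode_nb_name(raw16) + b"\x00" + struct.pack("!HH", qtype, IN)

# Constructed samples: a wildcard node status query and a broadcast name query.
WILDCARD = build_query(b"*" + b"\x00" * 15, NBSTAT)
LOOKUP = build_query(b"FILESRV".ljust(15) + b"\x00", NB, flags=0x0110)
```

A "nbstat-wildcard" result from a single unicast source is the signature of a host trying to turn an IP address into a NetBIOS name; the other labels are worth separating in a log because they indicate different behaviour.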







 
 