Virus.Org IT Security News and Information Portal. We offer the latest IT security news, updates, product reviews, books, and articles for all you IT security professionals out there. Enter and get the best IT security information on the Internet.

 
. Welcome to the Virus.Org Mailing List Archive  
.
.


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]


Re: Can anyone guess at this "scan"??
.

  • To: [EMAIL PROTECTED]
  • Subject: Re: Can anyone guess at this "scan"??
  • From: "Laumann, Dave" <[EMAIL PROTECTED]>
  • Date: Fri, 12 Jan 2001 22:59:33 +0100
.
 
well if the source ports are accurate, then this likely is not netbios-ns
from a windows machine as someone else pointed out. iirc, netbios-ns from
win machines have a source of 137. if there is a nat/firewall/proxy/etc in
between the two machines the source port might change, but a
nat/firewall/proxy device giving src ports < 1024??

as you pointed out, it looks to be a unix host...

-dave

> Hey all,
>
> 	Can someone maybe give me a clue where to dig on
> finding out what
> this type of "scan" is?...whether it's anything known?
>
> 01/09/2001 04:34:36.928 - 	UDP packet dropped -
> Source:other.net.11.66, 928, WAN - 	
> Destination:My.sub.net.162, 137, LAN
> - 	 - 	
> 01/09/2001 04:41:23.416 - 	UDP packet dropped -
> Source:other.net.11.66, 642, WAN - 	
> Destination:My.sub.net.162, 137, LAN
> - 	 - 	
> 01/09/2001 04:50:59.592 - 	UDP packet dropped -
> Source:other.net.11.66, 949, WAN - 	
> Destination:My.sub.net.162, 137, LAN
> - 	 - 	
> 01/09/2001 04:57:10.336 - 	UDP packet dropped -
> Source:other.net.11.66, 690, WAN - 	
> Destination:My.sub.net.162, 137, LAN
> - 	 - 	
> 01/09/2001 05:05:04.480 - 	UDP packet dropped -
> Source:other.net.11.66, 872, WAN - 	
> Destination:My.sub.net.162, 137, LAN
 
.
.
 
Copyright (c) Virus.Org 1997-2006.
All Trademarks Acknowledged.
Please view our Terms and Conditions and our Privacy Policy.