Security Incidents mailing list archives
Port 137 scans on the rise
From: bryan () VISI COM (Bryan Andersen)
Date: Thu, 20 Apr 2000 10:54:55 -0500
Hi, Bad news, I'm beginning to see 1 to 2 port 137 scans a day. This means alot more systems are being infected. If at all possible it would be a wise percaution to just block both incomming and outgoing data to ports 137, 138, and 139 in both TCP and UDP at your firewall. CERT has a new writeup on the 911 culprit: http://www.cert.org/current/current_activity.html#shares A writeup on the network VBS_NETLOG worm can be found at: http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=VBS_NETLOG.WORM -- | Bryan Andersen | bryan () visi com | http://softail.visi.com | | Buzzwords are like annoying little flies that deserve to be swatted. | | -Bryan Andersen |
Current thread:
- Re: I am popular today..., (continued)
- Re: I am popular today... Ville (Apr 29)
- Lots netbios scans (udp 137) Russell Fulton (Apr 30)
- High port UDP probe? Damian Gerow (Apr 25)
- Re: High port UDP probe? Mark Rowe (Apr 26)
- Lots of scan on port 9520 Erick Perez (Apr 25)
- possible bind worm? Roelof Temmingh (Apr 25)
- Re: Rooted through in.identd on Red Hat 6.0 Erich Meier (Apr 20)
- Re: Rooted through in.identd on Red Hat 6.0 Brett Glass (Apr 20)
- Tools to analyze "captured" binaries? -Reply Network Security (Apr 20)
- Re: Tools to analyze "captured" binaries? -Reply Ex Machina (Apr 22)
- Port 137 scans on the rise Bryan Andersen (Apr 20)
- Re: Port 137 scans on the rise horio shoichi (Apr 22)