Security Incidents mailing list archives
Re: PORT 137
From: Alex <alex () nixfreak org>
Date: Tue, 29 May 2001 21:10:28 -0400 (EDT)
Hi,

Many times when an NT or perhaps W2K machine connects to another machine it tries to do a NetBIOS name service lookup through port 137 from port 137. Although, oftentimes, there are also probes using similar traffic. I'm assuming this is UDP traffic?

-Alex

On Tue, 29 May 2001, Arnold, Jamie wrote:
We've seen a large amount of connection attempts to a specific machine here. We're using FlowData to pull this info. Anyone have any ideas of what this may be?

Thanks
Jamie

********************************
Frank Scoblick
Computing Services
Binghamton University
E-mail: scoblick () binghamton edu
Voice: 607-777-4232
Fax: 607-777-4009
********************************
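The following is an added example, not part of either message: it groups flow records by source and reports how many distinct destinations each source contacted with UDP traffic from port 137 to port 137, the pattern discussed in this thread. The column layout, the sample records and the `min_dests` threshold are assumptions made for the illustration.

```python
from collections import defaultdict

UDP, NBNS_PORT = 17, 137

# Constructed sample records (documentation address ranges, not real hosts).
# Assumed columns: in-if, source, out-if, destination, protocol (hex),
# source port (hex), destination port (hex), packets, bytes.
SAMPLE_FLOWS = """\
000d 192.0.2.10 00d5 198.51.100.1 11 89 89 2 156
000d 192.0.2.10 00d5 198.51.100.2 11 89 89 2 156
000d 192.0.2.10 00d5 198.51.100.3 11 89 89 2 156
000d 192.0.2.10 00d5 203.0.113.4 11 89 89 5 390
000d 192.0.2.10 00d5 203.0.113.5 11 89 89 2 156
000d 192.0.2.10 00d5 203.0.113.5 06 0402 8b 9 720
000d 192.0.2.20 00d5 198.51.100.1 11 89 89 1 78
000d 192.0.2.20 00d5 198.51.100.1 11 89 89 1 78
truncated record
"""


def parse_flow(line):
    """Parse one record into a dict, or return None if it is malformed."""
    fields = line.split()
    if len(fields) != 9:
        return None
    try:
        proto, sport, dport = (int(x, 16) for x in fields[4:7])
        packets, octets = int(fields[7]), int(fields[8])
    except ValueError:
        return None
    return {"src": fields[1], "dst": fields[3], "proto": proto,
            "sport": sport, "dport": dport, "packets": packets, "bytes": octets}


def nbns_fanout(text, min_dests=5):
    """Summarise UDP 137->137 traffic per source and flag wide fan-out."""
    dests, packets = defaultdict(set), defaultdict(int)
    for rec in filter(None, map(parse_flow, text.splitlines())):
        if (rec["proto"], rec["sport"], rec["dport"]) == (UDP, NBNS_PORT, NBNS_PORT):
            dests[rec["src"]].add(rec["dst"])
            packets[rec["src"]] += rec["packets"]
    # min_dests is an assumed threshold; tune it to the local baseline.
    return {src: {"dests": len(d), "packets": packets[src],
                  "wide_fanout": len(d) >= min_dests}
            for src, d in dests.items()}


if __name__ == "__main__":
    for src, summary in nbns_fanout(SAMPLE_FLOWS).items():
        print(src, summary)
```

A source that repeatedly queries one or two peers stays below the threshold, while a source reaching many unrelated addresses with the same small packet count is reported with `wide_fanout` set.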