[Snort-users] Very interesting packet
fygrave at ...121...
Sun Jul 30 06:39:19 EDT 2000
~ :Good guess! But it looks like they are sequentially scanning systems
~ :blindly, they scanned 7 systems of mine that do not exist. So, if
~ :they do not get any response, they either have a Windows box, or
~ :no box at all. Seems to be easier ways to get info ?!?
Blind guess: I've been seeing udp 137<-->137 traffic being rejected on my
firewalls for quite long time. Further investigation showed up that if
netbios is configured on external `interface' of windoze box, windoze
tries to resolve remote boxen name via netbios as well. Maybe this is
another breed of microsoft crawling featurism? :)
More information about the Snort-users