[Snort-users] Netbios attack

Michael Smith msmith4 at ...795...
Wed Nov 15 12:07:28 EST 2000


I got a portscan on 137 from rr.com.  Of course, I've got a Debian box with
nothing listening on 137, so there's no harm done.  I sent them the log entry
and a short message that said that they might have a problem with that box.
Their reply was that the probe I received was most likely a reply to some
sort of web surfing that I was doing and that maybe if I had a more
sophistocated alarm installed, it would show this.  I laughed.  Oh well, I
was trying to do them a favor.

At any rate, I've been seeing an increase in port 137 scans over the past
month or so.

Dr SuSE wrote:

> The second attempt from 24.163.71.18 which resolved to an rr.com host was
> quick and simple.  This person did establish a netbios connection, then
> attempted to access the C drive but once again it was rejected by my
> machine since the C drive was not shared.
>

--
Michael J. Smith msmith4 at ...795...
2250 Patterson #25 Eugene, OR 97405
(541)346-7562






More information about the Snort-users mailing list