[Snort-users] Netbios attack
Robert L. Yelvington
rly at ...579...
Wed Nov 15 17:20:52 EST 2000
Regarding the increase in port 137 scans, i've noticed this as well...
Michael Smith wrote:
> I got a portscan on 137 from rr.com. Of course, I've got a Debian box with
> nothing listening on 137, so there's no harm done. I sent them the log entry
> and a short message that said that they might have a problem with that box.
> Their reply was that the probe I received was most likely a reply to some
> sort of web surfing that I was doing and that maybe if I had a more
> sophistocated alarm installed, it would show this. I laughed. Oh well, I
> was trying to do them a favor.
> At any rate, I've been seeing an increase in port 137 scans over the past
> month or so.
> Dr SuSE wrote:
> > The second attempt from 126.96.36.199 which resolved to an rr.com host was
> > quick and simple. This person did establish a netbios connection, then
> > attempted to access the C drive but once again it was rejected by my
> > machine since the C drive was not shared.
> Michael J. Smith msmith4 at ...795...
> 2250 Patterson #25 Eugene, OR 97405
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
More information about the Snort-users