[Snort-users] Win* machines - port 139 scans

Jerry Shenk jas at ...129...
Mon Sep 25 21:39:23 EDT 2000


I've been getting a TON of scans on port 139 for the past week....port 139's
been fairly high for awhile but in the last week, it's probably doubled or
trippled.  I've taken to spot-checking these machines and the ones I've
checked have all been win* machines and they've all had shares and printers,
etc. wide open.  How do you 'take over' a Win* machine?  I suppose some type
of Trojan in the startup file or something like that?

Have other people been seeing this also?

--------------------------------------------------------------
Jerry A. Shenk - MCNE, GIAC certified intrusion analyst
Sr. Systems Engineer - Computer Networking Services
D&E Communications, Inc.
jshenk at ...514... (also jas at ...129...)
1-877-433-8632 Fax via efax: (603) 250-1453
my website: http://jerryslinux.dyndns.org/jas





More information about the Snort-users mailing list