[Snort-users] Win* machines - port 139 scans
andrew at ...523...
Thu Sep 28 14:46:08 EDT 2000
On Tue, 26 Sep 2000, Kevin Bogac wrote:
> We've got a rash of funlove viruses running around the internal
> network and they're showing up as loads of netbios port scans. I
> guess the virus scans for other boxes with shares so it can spread.
> You could be seeing the same thing.
> On 25 Sep 2000, at 21:39, Jerry Shenk wrote:
> > I've been getting a TON of scans on port 139 for the past week....port
> > 139's been fairly high for awhile but in the last week, it's probably
I've seen lots of port 137 scans - 254 addresses from a class C,
source port 137 dest port 137 - which I attribute to
Recently someone told me about a QAZ virus that also listens on
port 7597 and uses Windows shares to spread
Andrew Daviel, TRIUMF, Canada
Tel. +1 (604) 222-7376
security at ...524...
PGP ID 0xC7624B49
More information about the Snort-users