[Snort-users] Win* machines - port 139 scans
lance at ...185...
Sat Sep 30 11:46:59 EDT 2000
On Fri, 29 Sep 2000, James Hoagland wrote:
> At 9:39 PM -0400 9/28/00, Jerry Shenk wrote:
> >There must be a lot of people with open shares on C. I got two hits this
> >evening on port 137 and one had C open and the other didn't.
> Port 137 is used by NetBIOS for name queries. See:
This has definitely made my 'Scan of The Month'. I've posted the
packet signatures on my site, including the Src systems that have
scanned my network 168 times for these vulnerabilities (you can
check to see if you are being hammered by the same systems).
Actually, port 137 UDP (nbname) has been twice as popular for my
PORT 139 TCP (nbsession): 52 scans
PORT 137 UDP (nbname): 116 scans
If you are intersted, you can find all the fun details at
More information about the Snort-users