Originally posted here by slarty
Are you sure they're not replies to packets your Windoze machine sends out?

Does your windoze box send DNS requests originating from 137?

Or is your box sending its own NETBIOS-NS requests and recieving responses from them?

Do you have the contents of a few packets you could share with us?
The slamming continues.....here's my incoming log:

64.246.79.243 137
218.64.91.173 137
130.37.56.127 137
209.202.101.214 137
210.230.112.187 137
63.136.112.231 137
218.77.226.141 137
61.0.208.5 137
210.94.46.141 137
203.229.163.4 137
200.168.132.44 137
200.170.244.101 137
80.105.217.198 137
200.82.170.213 137
216.147.137.64 137
211.191.41.226 137
200.35.100.80 137
62.175.156.207 137
151.24.217.33 137
64.170.52.138 137
80.6.125.129 137
206.28.189.39 137
200.204.179.6 137
200.228.81.73 137
206.49.32.178 137
64.173.8.229 137
62.11.19.181 137
193.194.184.71 137
218.232.248.51 137
212.145.131.33 137
148.244.164.31 137
61.130.126.76 137
212.175.169.249 137
212.253.186.194 137
151.24.19.153 137
81.112.48.123 137
61.75.47.2 137
213.176.191.138 137
200.72.214.10 137
200.151.152.200 137
210.91.161.87 137
62.83.123.215 137
193.133.125.109 137
64.32.122.138 137
61.60.158.229 137
217.53.4.187 137
61.11.52.74 137
193.225.172.158 137
218.144.133.34 137
61.77.191.45 137
213.81.218.11 137
61.140.50.8 137
211.221.88.95 137
61.82.102.72 137
195.132.22.75 137
61.229.90.231 137
200.253.200.27 137
203.232.233.88 137
211.91.111.84 137
219.93.229.118 137
200.167.225.51 137
200.253.188.66 137
80.25.28.206 137
213.46.28.70 137
194.90.152.84 137
217.58.55.145 137
218.86.175.137 137
62.174.164.167 137
63.84.237.174 137
213.22.235.160 137


There are no requests for port 137 going out either.....must be a worm out there