-
November 5th, 2002, 09:29 PM
#1
Getting SLAMMED with TCP 137 probes....new nastyware out there?
hey
I'm presently getting inundated with incoming NetBIOS probles from all over the place.....ois there someting going on (as in a worm)?
-
November 5th, 2002, 09:37 PM
#2
It could be W32.Bird.A@MM. It is new and it will try and spread via network shares.
Cheers:
-
November 5th, 2002, 09:48 PM
#3
I just checked my IDS logs and I am not seeing anything unusual yet....
Work... Some days it's just not worth chewing through the restraints...
-
November 5th, 2002, 09:48 PM
#4
When BugBear first was exposed, my firewall at my house was getting slammed with 137's as well - I did some checking, and I concluded that the probes were more than likely BugBear infected machines...
-
November 5th, 2002, 10:06 PM
#5
Agree with Maverick. A good place to look if you are getting inundated with traffic is :
www.incidents.org
They have a distrubted IDS type system setup where people supply firewalls and ids logs to report who is scanning/doing bad things. You can at least see if other people are seeing the type of traffic you are seeing, and what, if they know, is causing it...
You should see one of the first titles there is increased 137 scans...probably your culprit.
/nebulus
There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.
(Merovingian - Matrix Reloaded)
-
November 5th, 2002, 10:17 PM
#6
Probes.....
Hi all;
There is this real neat program that will do just what you are seening...
It will run on all of the M$ os's
http://www.rawlogic.com/
It is a real good way to test your own shares
as well....
I guess Neat is a little heavy for a tool that will scan
both class "c"s and "b"s with no extra input
and can be used to break into a computer.....
Sorry...long day...been working outside installing some customer equipment
Franklin Werren at www.bagpipes.net
Yes I do play the Bagpipes!
And learning to Play the Bugle
-
November 6th, 2002, 02:07 AM
#7
Senior Member
ever since i got ADSL and set up a small four-computer home lan, my router has been catching scans from computers...destined for ports 137-139. At first I reported them to my ISP...but I never got a response so I assumed they did nothing so I just ignore it now.
As long as your firewall is catching...and stopping (duhh) it, then I wouldn't worry about it, but that's just me.
Either get busy living or get busy dying.
-The Sawshank Redemption
-
November 6th, 2002, 10:40 AM
#8
I'm been getting the same but on 137 but via UDP, at the rate of one a minuate, and like you said they are from all over the place
I\'m a SittingDuck, but the question is \"Is your web app a Sitting Duck?\"
-
November 6th, 2002, 10:40 AM
#9
Are you sure they're not replies to packets your Windoze machine sends out?
Does your windoze box send DNS requests originating from 137?
Or is your box sending its own NETBIOS-NS requests and recieving responses from them?
Do you have the contents of a few packets you could share with us?
-
November 6th, 2002, 03:59 PM
#10
Member
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|