September 8th, 2003, 05:07 PM
access log for dummies?
OK I'm a newbie at this networking stuff. I'm looking at an access log off of a d-link router and there is an awful lot of unrecognized access from many different IP addresses. Can any of you explain this to me? Attached is a copy of my access log.
September 8th, 2003, 05:11 PM
No expert mate, but it looks like it could be one of those internet worms?
Make sure your OS is fully patched please, and update and run the AV application that you have.
September 8th, 2003, 05:17 PM
Looks like someone might be scanning for commonly-exploitable ports (137 and 139 are used by Windows NetBIOS I think). Either that or it could be an internet worm (as nihil said).
Patching your OS won't necessarily make any difference if you're running a hardware router, but it's best to be sure.
Port 137: NetBIOS Name Service
Port 139: NetBIOS Session Service
Port 445: Microsoft Directory Services
In all likelihood it's either a worm or a bunch of script kiddies searching for vulnerable Windows computers. If you have a hardware router between your computers and your network and/or your workstations are running an operating system other than Windows, it shouldn't be anything to worry about.