hey
I'm presently getting inundated with incoming NetBIOS probes from all over the place.....is there something going on (as in a worm)?
It could be W32.Bird.A@MM. It is new and it will try and spread via network shares.
Cheers:
I just checked my IDS logs and I am not seeing anything unusual yet....
When BugBear first was exposed, my firewall at my house was getting slammed with 137's as well - I did some checking, and I concluded that the probes were more than likely BugBear infected machines...
Agree with Maverick. A good place to look if you are getting inundated with traffic is:
www.incidents.org
They have a distributed IDS type system set up where people supply firewall and IDS logs to report who is scanning/doing bad things. You can at least see if other people are seeing the type of traffic you are seeing, and what, if they know, is causing it...
You should see one of the first titles there is increased 137 scans...probably your culprit.
/nebulus
Hi all;
There is this real neat program that will do just what you are seeing...
It will run on all of the M$ OSes
http://www.rawlogic.com/
It is a real good way to test your own shares as well....
I guess Neat is a little heavy for a tool that will scan both class "c"s and "b"s with no extra input and can be used to break into a computer.....
Sorry...long day...been working outside installing some customer equipment
Ever since I got ADSL and set up a small four-computer home LAN, my router has been catching scans from computers...destined for ports 137-139. At first I reported them to my ISP...but I never got a response so I assumed they did nothing so I just ignore it now.
As long as your firewall is catching...and stopping (duhh) it, then I wouldn't worry about it, but that's just me.
I've been getting the same on 137 but via UDP, at the rate of one a minute, and like you said they are from all over the place
Are you sure they're not replies to packets your Windoze machine sends out?
Does your windoze box send DNS requests originating from 137?
Or is your box sending its own NETBIOS-NS requests and receiving responses from them?
Do you have the contents of a few packets you could share with us?
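An added example, not part of the original thread: one way to answer the questions in the post above from packet contents. It parses a UDP/137 payload per RFC 1002, uses the header's response bit to separate inbound requests from replies, and decodes the name being asked about. The sample payloads and the `local_txids` set (transaction IDs you recorded from your own outbound queries) are constructed assumptions.

```python
import struct

QTYPES = {0x0020: "NB", 0x0021: "NBSTAT"}  # RFC 1002: name query / node status

def encode_name(name: str, suffix: int = 0x00) -> bytes:
    """First-level encoding: pad to 15 chars + suffix, split each byte into nibbles + 'A'."""
    raw = name.upper().encode("latin-1").ljust(15, b" ")[:15] + bytes([suffix])
    return bytes(x for b in raw for x in ((b >> 4) + 0x41, (b & 0x0F) + 0x41))

def decode_name(label: bytes):
    """Reverse the encoding; return None if the label is not 32 bytes of 'A'..'P'."""
    if len(label) != 32 or not all(0x41 <= b <= 0x50 for b in label):
        return None
    raw = bytes(((label[i] - 0x41) << 4) | (label[i + 1] - 0x41) for i in range(0, 32, 2))
    return raw[:15].rstrip(b" \x00").decode("latin-1")

def classify(payload: bytes, local_txids=frozenset()) -> dict:
    """Classify one UDP/137 payload seen inbound at the firewall."""
    if len(payload) < 12:
        raise ValueError("shorter than the 12-byte NBNS header")
    txid, flags, qd, an, ns, ar = struct.unpack("!6H", payload[:12])
    is_response = bool(flags & 0x8000)  # R bit: 0 = request, 1 = response
    info = {"txid": txid, "response": is_response, "name": None, "qtype": None}
    # A request carries the name in its question, a response in its answer record;
    # either way an uncompressed name starts at offset 12 with length byte 0x20.
    if (qd or an) and len(payload) >= 50 and payload[12] == 0x20:
        info["name"] = decode_name(payload[13:45])
        (qt,) = struct.unpack("!H", payload[46:48])
        info["qtype"] = QTYPES.get(qt, hex(qt))
    if is_response:
        info["verdict"] = ("reply to our own query" if txid in local_txids
                           else "unsolicited response")
    else:
        info["verdict"] = "inbound request (probe)"
    return info

# Constructed sample payloads (not captured traffic): a node status request for
# the wildcard name "*", and a positive name query response for "FILESRV".
PROBE = (struct.pack("!6H", 0x1234, 0x0000, 1, 0, 0, 0)
         + b"\x20CK" + b"A" * 30 + b"\x00" + struct.pack("!2H", 0x0021, 1))
REPLY = (struct.pack("!6H", 0xBEEF, 0x8500, 0, 1, 0, 0) + b"\x20" + encode_name("FILESRV")
         + b"\x00" + struct.pack("!2HIH", 0x0020, 1, 300, 6) + struct.pack("!H4B", 0, 192, 0, 2, 10))

if __name__ == "__main__":
    for pkt in (PROBE, REPLY):
        print(classify(pkt, local_txids={0xBEEF}))
```

Inbound requests from many unrelated sources point to scanning; responses whose transaction IDs match your own queries are just return traffic.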
Personally, my firewall is set up to block certain ports, and 137 - 139 is one of them, I usually block TCP and UDP if possible. You might wanna do the same, that way you won't have to worry about it. If my memory serves me right 139 is like a finger...info look up. All you IRC people might know what finger cmd is. :cool: :rolleyes: