[Dshield] port 137 probes

rilya byor rilya1 at yahoo.com
Mon Nov 18 13:59:52 GMT 2002


According to the IANA master port list, 10254 is
unassigned.  But the CPU spikes are happening to me,
too, and I think that's a big part of my problem.
As for Norton's firewall, it has great logging
capabilities but is very leaky, as I found out the
hard way last year. I had stringent rules in place
against a number of IPs but when I looked at my logs,
I'd see a lot of "Rule Block <whatever> ignored".
YIKES!  Now I use either ZoneAlarm Pro, Sygate Pro, or
Outpost (depending on my mood, LOL).
Rilya
--- Gravyface <gravyface at bmfsquad.com> wrote:
> I'm in the same boat except that my UDP probes are at about 6000+ daily
> against port 10254 -- a port that I can find ZERO information on.
> I have the latest signature files from Norton and have completed two full
> system scans.  The port is blocked but the incessant hammering is causing my
> CPU usage to spike.
> 
> 
> ----- Original Message -----
> From: "rilya byor" <rilya1 at yahoo.com>
> To: <list at dshield.org>
> Sent: Saturday, November 16, 2002 11:47 PM
> Subject: [Dshield] port 137 probes
> 
> 
> > Help... I've lately been logging hundreds of port 137
> > probes a day, which I understand are coming from the
> > Tanatos/Bugbear worm.  Of course, I have NetBIOS
> > disabled and ports 137-138-139 stealthed, but I'm
> > having a terrible time maintaining a usable dialup
> > connection; I log on and a few minutes later the
> > connection freezes up and I have to redial again, and
> > again... Is all this port 137 activity the cause of
> > this?  My ISP has no explanation (but what do they
> > know...)  If so, what can I do to prevent it?  My
> > phone bill is going to be astronomical if this keeps
> > up.
> > Tnx,
> > Rilya1
> >
> >
> > __________________________________________________
> > Do you Yahoo!?
> > Yahoo! Web Hosting - Let the expert host your site
> > http://webhosting.yahoo.com
> >
> >
> 
> _______________________________________________
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list

