[Dshield] Re: Port 135

James C Slora Jr Jim.Slora at phra.com
Mon Oct 21 16:16:07 GMT 2002

Since Friday, I've had more than 150 probes from more than 20 different
probe sources for TCP 135 (plus a few UDP 135 probes). Normally I get about
one probe every two months.

I don't think it is just NetBIOS spam, because the biggest probers have been
dialup users from wanadoo.fr, tiscali.fr, and attbi.com. These sources are
typical of script kiddie traffic, and are less typical for spam.

Dave Aitel's Bugtraq post might be related. The traffic started after his

> Immunity Advisory to the General Public
> Vulnerability: RPC Service DoS (port 135/tcp) on Windows 2000 SP3
> Author: Dave Aitel
> Date: October 18, 2002

I suspect that there might also be some more NetBIOS vulnerabilities that
have not yet been publicized.

More information about the list mailing list