[Dshield] UDP 137 Scans

Bruyere, Michel mbruyere at ezemcanada.com
Tue Aug 12 19:38:05 GMT 2003


Hi, 
	As far as i can see, there is 2 possibilities for that, legit
trafic, follow this link. 
http://www.robertgraham.com/pubs/firewall-seen.html#netbios

or more probable in your situation (since you get many "hits") the bugbear
virus. Follow this link for more infos.
http://www.simovits.com/nyheter9902.html

All AV sites will give you information about the bugbear if you want to know
more about it ;) 


My 0,02$

M.Bruyere

> -----Original Message-----
> From: Jon R. Kibler [mailto:Jon.Kibler at aset.com]
> Sent: mardi 12 août 2003 15:22
> To: list at dshield.org
> Subject: [Dshield] UDP 137 Scans
> 
> Greetings:
> 
> We are getting whacked pretty good by 137/UDP scans -- a different block
of
> 3 to 7 IPs in rapid succession every few minutes. Presently, these scans
> are outnumbering 135/TCP scans by a factor of 2 or 3 to 1.
> 

SNIP
 
> Any idea what is going on here?
> 

SNIP




More information about the list mailing list