[Dshield] UDP 137 Scans

Bruyere, Michel mbruyere at ezemcanada.com
Tue Aug 12 19:38:05 GMT 2003

	As far as i can see, there is 2 possibilities for that, legit
trafic, follow this link. 

or more probable in your situation (since you get many "hits") the bugbear
virus. Follow this link for more infos.

All AV sites will give you information about the bugbear if you want to know
more about it ;) 

My 0,02$


> -----Original Message-----
> From: Jon R. Kibler [mailto:Jon.Kibler at aset.com]
> Sent: mardi 12 août 2003 15:22
> To: list at dshield.org
> Subject: [Dshield] UDP 137 Scans
> Greetings:
> We are getting whacked pretty good by 137/UDP scans -- a different block
> 3 to 7 IPs in rapid succession every few minutes. Presently, these scans
> are outnumbering 135/TCP scans by a factor of 2 or 3 to 1.

> Any idea what is going on here?


More information about the list mailing list