Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

TCP port 139 probes
From: Pavel Kankovsky <peak () argo troja mff cuni cz>
Date: Tue, 9 Jul 2002 22:21:35 +0200 (MET DST)
I have detected a noticeable increase of (blocked) attempts to connect
to the TCP port 139 on machines in our network. Look at these numbers
(number of blocked packets per a day):

      1 Jun 10
      5 Jun 11
     13 Jun 12
     15 Jun 13
      3 Jun 15
      3 Jun 16
      4 Jun 17
     13 Jun 18
     18 Jun 19
     16 Jun 20
     15 Jun 21
      4 Jun 22
      2 Jun 23
     23 Jun 24
     18 Jun 25
     44 Jun 26
     95 Jun 27
    112 Jun 28
     84 Jun 29
     53 Jun 30
    130 Jul  1
    191 Jul  2
    227 Jul  3
    235 Jul  4
    226 Jul  5
    185 Jul  6
    167 Jul  7
    350 Jul  8
    199 Jul  9

These probes are not (ordinary) scans but isolated attempts by seemingly
random remote IP addresses to open connection to seemingly random local IP
addresses. In many cases, the destination is an unused address.

This is very suspicious.

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]