Security Incidents mailing list archives

Port 137 probes
From: Bubsy <pizzapowered () yahoo com>
Date: 1 Oct 2002 06:11:42 -0000



After I saw that you guys were getting more port 137's than usual, I 
looked at my logs. I found that I was also getting far more port 137's 
than usual :) so I took a break from what I was doing to see what was up. 
The remote port was almost always 1025, and the suspect only sent one 
attempt each time. I did the 10 second look on a suspect machine with an 
open share and found scrsvr.exe, which I believe to be the culprit; it 
seems so cut and dried that I'm not even gonna sandbox it. Read more here:
http://vil.mcafee.com/dispVirus.asp?virus_k=99729

Well, there ya go, comes to life ~the 28th, bang boom zoom.

All good things to all good people!

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
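The pattern reported in the message above (probes to port 137, source port almost always 1025, one attempt per source) can be checked against your own firewall logs. The following is an added example, not part of the original post; it assumes iptables-style `KEY=value` log lines, and the sample lines and addresses are constructed from documentation ranges.

```python
import re
from collections import Counter

# Constructed sample lines in iptables LOG style (assumed format, not from the post).
SAMPLE_LOG = """\
Oct  1 05:58:01 gw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=UDP SPT=1025 DPT=137 LEN=78
Oct  1 05:59:14 gw kernel: IN=eth0 OUT= SRC=203.0.113.45 DST=192.0.2.10 PROTO=UDP SPT=1025 DPT=137 LEN=78
Oct  1 06:01:37 gw kernel: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 PROTO=UDP SPT=1025 DPT=137 LEN=78
Oct  1 06:02:05 gw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 PROTO=UDP SPT=1031 DPT=137 LEN=78
Oct  1 06:02:09 gw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 PROTO=UDP SPT=1032 DPT=137 LEN=78
Oct  1 06:03:40 gw kernel: IN=eth0 OUT= SRC=198.51.100.80 DST=192.0.2.10 PROTO=TCP SPT=4431 DPT=80 LEN=60
Oct  1 06:04:02 gw kernel: IN=eth0 OUT= SRC=198.51.100.81 DST=192.0.2.10 PROTO=ICMP TYPE=8 CODE=0
"""

FIELD_RE = re.compile(r"(\w+)=(\S*)")


def parse_line(line):
    """Return (src, sport, dport), or None for lines without port fields."""
    fields = dict(FIELD_RE.findall(line))
    try:
        return fields["SRC"], int(fields["SPT"]), int(fields["DPT"])
    except (KeyError, ValueError):
        return None


def summarize_137_probes(log_text, dport=137, common_sport=1025):
    """Summarize inbound probes to dport: volume, single-shot sources, source-port share."""
    per_source = Counter()
    sport_hits = 0
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None or parsed[2] != dport:
            continue
        src, sport, _ = parsed
        per_source[src] += 1
        if sport == common_sport:
            sport_hits += 1
    total = sum(per_source.values())
    return {
        "total": total,
        "sources": len(per_source),
        # Sources seen exactly once match the "one attempt each time" observation.
        "single_shot_sources": sorted(s for s, n in per_source.items() if n == 1),
        "sport_share": sport_hits / total if total else 0.0,
    }


if __name__ == "__main__":
    print(summarize_137_probes(SAMPLE_LOG))
```

A high `sport_share` combined with mostly single-shot sources matches the behaviour described in the message; sources that repeat or use varying source ports are more likely ordinary NetBIOS noise.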

