Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

RE: Unusual volume: UDP:137 probes
From: "Scott, Michael R." <MICHAEL.R.SCOTT () saic com>
Date: Tue, 1 Oct 2002 08:31:28 -0700 


There _may_ be an explanation here:-
https://grc.com/x/news.exe?cmd=article&group=grc.security&item=59379&utag=


I found a copy of this scrsvr.exe on a Win95 machine connected to a cable
modem, and it was, as expected, blasting 137 probes to various /16 blocks it
appeared.  The thing that initially caught my attention about the file,
which was in c:\windows, was A) the filename didn't sound right for a
standard windows screensaver related file, and B) the timestamp came up
blank in windows Explorer (I think that's the M time in Win95).  As of
yesterday afternoon NAV did not report any problems with the file.  I can
supply traces or the binary if interested.

Mike

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]