"Crumrine, Gary L" <[EMAIL PROTECTED]> writes:
> I agree with Carl. I am not so sure that this can be just explained
> away as being normal Microsoft activity. I too have seen a great
> deal of this type of activity, and it just started about 6 months
> ago. I know the same subject has come up on this thread at least 3
> times now. It sure sounds like it is another MS "issue".
Random port 137 scanning starting about 6 months ago would probably be
the Bymer/Dnet.Dropper worm[1]. We also a huge increase in 137 blocks
from seemingly random IPs around then, and traced at least some of it
to that worm and its variants. However, I don't know of any reason
why Carl would have seen a recent increase in port 137 probes.
[1] http://www.sarc.com/avcenter/venc/data/w32.hllw.bymer.html
http://www.distributed.net/trojans.html.en
--
Dan Riley [EMAIL PROTECTED]
Wilson Lab, Cornell University <URL:http://www.lns.cornell.edu/~dsr/>
"History teaches us that days like this are best spent in bed"
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
