We've seen a lot! of this, thousands of matches per hour when we put in an acl. We were under Ddos some time ago and all the requests were on port 137. A simple filter on netbios-ns on my upstream fixed it but its uggly.
----- Original Message ----- From: "Joe" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Saturday, October 26, 2002 5:24 PM Subject: Odd behavior > > > > Anyone noticing an increase in the amount of port 137 scans? > I've seen just just over 100 in the last 1 hour. When I probe the offender > I see them as MS items with their Harddrives shared wide open. > Only thing in common is they all appear to have some file called put.ini in > their root directory with a line that looks to be from a win.ini and states > brasil.pif or exe. Maybe some new virus? > Well heads up. > > Cheers > -Joe > >
