There is an excellent paper on Firwall Forensics at
http://www.robertgraham.com/pubs/firewall-seen.html
that has a section on NetBIOS packet activity and what causes it.
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Sunday, 5 November 2000 4:19
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Re: [SLUG] port 139 scanning by m$oft boxes
>
>
> I think you will find that it is more likely to be a virus called
> network.vbs
>
> Refer to:
> http://www.cert.org/incident_notes/IN-2000-02.html for further.
>
> --
> Howard.
> ______________________________________________________
> LANNet Computing Associates <http://www.lannet.com.au>
>
> On Sun, 5 Nov 2000, Richard Ames wrote:
>
> >
> > Trying to help a Win admin whose box is scanning.....
> >
> > I think I remember there is a bug (design feature) in Win
> 95/8 that results
> > in these boxes scanning the complete class c network.... I
> can't find a
> > reference to it in the M$ knowledge base but think a tech
> note Q number was
> > quoted...
> >
> > Anyone know a bit more detail?
> >
> > Thanks,
> >
> > Richard.
> >
> > Richard Ames
> > linsup.com, Sydney, Australia
> > Tel: +61 2 9144-6131
> > mailto:[EMAIL PROTECTED] http://www.linsup.com/
> >
> >
> >
> >
>
>
>
> --
> SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
> More Info: http://slug.org.au/lists/listinfo/slug
>
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
