[31545] in North American Network Operators' Group
Re: Port 139 scans
daemon@ATHENA.MIT.EDU (Roland Dobbins)
Wed Sep 27 18:15:08 2000
Message-ID: <39D2705B.95C3B02C@netmore.net>
Date: Wed, 27 Sep 2000 15:10:35 -0700
From: Roland Dobbins <rdobbins@netmore.net>
Reply-To: rdobbins@netmore.net
MIME-Version: 1.0
To: "Roeland M.J. Meyer" <rmeyer@MHSC.com>
Cc: John Fraizer <nanog@EnterZone.Net>,
Bill Becker <bbecker@iconn.net>, nanog@merit.edu
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Errors-To: owner-nanog-outgoing@merit.edu
This has been pretty common for quite some time, and has probably
increased due to attendant publicity surrounding the following:
http://www.securityfocus.com/frames/?content=/vdb/bottom.html%3Fvid%3D1620
"Roeland M.J. Meyer" wrote:
>
> > From: John Fraizer [mailto:nanog@EnterZone.Net]
> > Sent: Wednesday, September 27, 2000 11:26 AM
> >
> > On Wed, 27 Sep 2000, Bill Becker wrote:
> >
> > > Speaking of the internet and the way it operates, is anyone
> > else seeing a
> > > large number of random hosts scanning through their address
> > space using TCP
> > > on port 139?
> > >
> > > Bill
> >
> > We have been seeing this for about 3 weeks now.
>
> I have too, it looks like they're looking for Windoze and Samba boxen.
> That's one of the netbios ports.
--
------------------------------------------------------------
Roland Dobbins <rdobbins@netmore.net> // 818.535.5024 voice
