[31552] in North American Network Operators' Group
Re: Port 139 scans
daemon@ATHENA.MIT.EDU (Dana Hudes)
Thu Sep 28 09:45:02 2000
Message-ID: <001701c02952$01f58aa0$3d5cdcd1@hudes.org>
From: "Dana Hudes" <dhudes@hudes.org>
To: <nanog@merit.edu>
Date: Thu, 28 Sep 2000 09:42:56 -0400
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Errors-To: owner-nanog-outgoing@merit.edu
Yes but in the past few days activity has stepped up tremendously. Where =
my webserver, which uses Samba to communicate with my local desktop =
win98 machine (the latter is client, no shares exported) used to get =
once in a couple months an attempt on port 139 now I have 45 / day.
Furthermore, they're overwhelmingly from customers of my upstream -- =
Concentric. A handful from @home and others. I reported this to =
Concentric with the log.smb file in the message. No response 3 days =
later.
----- Original Message -----=20
From: "Randy Bush" <randy@psg.com>
To: "John Fraizer" <nanog@EnterZone.Net>
Cc: <nanog@merit.edu>
Sent: Thursday, September 28, 2000 1:40 AM
Subject: Re: Port 139 scans
>=20
> >> Speaking of the internet and the way it operates, is anyone else =
seeing a
> >> large number of random hosts scanning through their address space =
using TCP
> >> on port 139?
> > We have been seeing this for about 3 weeks now.
>=20
> s/weeks/years/
>=20
> randy
