|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Port 137 scans on the rise
From: Bryan Andersen (bryan
VISI.COM)Date: Thu Apr 20 2000 - 10:54:55 CDT
- Next message: Cold Fire: "Re: Rooted through in.identd on Red Hat 6.0"
- Previous message: Erich Meier: "Re: Rooted through in.identd on Red Hat 6.0"
- Next in thread: horio shoichi: "Re: Port 137 scans on the rise"
- Reply: horio shoichi: "Re: Port 137 scans on the rise"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi,
Bad news, I'm beginning to see 1 to 2 port 137 scans a day. This
means alot more systems are being infected. If at all possible it
would be a wise percaution to just block both incomming and
outgoing data to ports 137, 138, and 139 in both TCP and UDP at
your firewall.
CERT has a new writeup on the 911 culprit:
http://www.cert.org/current/current_activity.html#shares
A writeup on the network VBS_NETLOG worm can be found at:
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=VBS_NETLOG.WORM
-- | Bryan Andersen | bryan
- Next message: Cold Fire: "Re: Rooted through in.identd on Red Hat 6.0"
- Previous message: Erich Meier: "Re: Rooted through in.identd on Red Hat 6.0"
- Next in thread: horio shoichi: "Re: Port 137 scans on the rise"
- Reply: horio shoichi: "Re: Port 137 scans on the rise"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]