|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Laumann, Dave (dlaumann
SUNTZU.NET)Date: Fri Jan 12 2001 - 09:39:22 CST
well if the source ports are accurate, then this likely is not netbios-ns
from a windows machine as someone else pointed out. iirc, netbios-ns from
win machines have a source of 137. if there is a nat/firewall/proxy/etc in
between the two machines the source port might change, but a
nat/firewall/proxy device giving src ports < 1024??
as you pointed out, it looks to be a unix host...
-dave
> Hey all,
>
> Can someone maybe give me a clue where to dig on
> finding out what
> this type of "scan" is?...whether it's anything known?
>
> 01/09/2001 04:34:36.928 - UDP packet dropped -
> Source:other.net.11.66, 928, WAN -
> Destination:My.sub.net.162, 137, LAN
> - -
> 01/09/2001 04:41:23.416 - UDP packet dropped -
> Source:other.net.11.66, 642, WAN -
> Destination:My.sub.net.162, 137, LAN
> - -
> 01/09/2001 04:50:59.592 - UDP packet dropped -
> Source:other.net.11.66, 949, WAN -
> Destination:My.sub.net.162, 137, LAN
> - -
> 01/09/2001 04:57:10.336 - UDP packet dropped -
> Source:other.net.11.66, 690, WAN -
> Destination:My.sub.net.162, 137, LAN
> - -
> 01/09/2001 05:05:04.480 - UDP packet dropped -
> Source:other.net.11.66, 872, WAN -
> Destination:My.sub.net.162, 137, LAN
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]