Here's where I'm at with the whole netbios thing. I called one ISP in
canada to inquire as to why I was seeing a bunch of these from their
network. They told me that netbios name queries occur when some winders
based browsers hit a website, to determine if a particular name is in use
before the client uses it (?) . I had never heard this happening before, it
was suggested to me that US networks may be filtering netbios out, and so if
all this is true, I am receiving them all from outside of the US most likely
due to the increased amount of web traffic on the 'net lately.

Haven't got a single one from inside the US consequently, but I may just be
lucky.

-----Original Message-----
From: Xno Xutz [mailto:xnoxutzyahoo.com]
Sent: Thursday, August 02, 2001 8:55 AM
To: incidentssecurityfocus.com
Subject: Increasing Port 137 Scan rate

Hi All,

in the last two weeks I have received an increasing
amout of scans to port 137:UDP (netbios name query).
Is anybody aware of any reason that would explain
this?

Regards,
Xno

__________________________________________________
Do You Yahoo!?
Make international calls for as low as $.04/minute with Yahoo! Messenger
http://phonecard.yahoo.com/

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]