UDP Port 137 Question
From: John Smithson (why1234_at_hotmail.com)
Date: 01/20/04
- Previous message: jburzenski_at_americanhm.com: "RE: Dumb question abt. Wireless WEP security"
- Next in thread: H Carvey: "Re: UDP Port 137 Question"
- Maybe reply: H Carvey: "Re: UDP Port 137 Question"
- Reply: JGrimshaw_at_ASAP.com: "Re: UDP Port 137 Question"
- Maybe reply: Jeff Friend: "Re: UDP Port 137 Question"
- Maybe reply: H Carvey: "Re: UDP Port 137 Question"
- Maybe reply: Mark A. Villanova: "RE: UDP Port 137 Question"
- Reply: JGrimshaw_at_ASAP.com: "Re: UDP Port 137 Question"
- Maybe reply: Darrell Porter: "RE: UDP Port 137 Question"
- Maybe reply: Darrell Porter: "RE: UDP Port 137 Question"
- Maybe reply: Patrick A. Middleton: "RE: UDP Port 137 Question"
- Maybe reply: John Smithson: "RE: UDP Port 137 Question"
- Maybe reply: Depp, Dennis M.: "RE: UDP Port 137 Question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: security-basics@securityfocus.com Date: Tue, 20 Jan 2004 12:16:22 -0800
Gurus,
I have couple of servers that are constantly trying to go outbound on UDP
Port 137 (Nbname). The event is occurring 4-5 times per second. All
outbound traffic is being dropped by my firewall. However, I am just trying
to find out what is the reason -
I have AV on the server with latest definition - I have ran manual AV Scan -
I have ran Welchia / Nimda / etc removal tool - I have ran Spyware removal
tool - All of them comes up clean. The outbound address are for example:
156.67.52.182 to 156.67.52.204 --- 9.108.180.138-154 -- 145.46.77.202-241 -
There are more of these network ranges ( I have already done whois on all
these IP range)
Oh yeah - the servers are Win2k with SP3 or Win2k with SP4 with latest HF.
Please help me to isolate what I am facing? This should not be a normal
Traffic Pattern, since only couple of my servers are producing this traffic
TIA
_________________________________________________________________
Let the new MSN Premium Internet Software make the most of your high-speed
experience. http://join.msn.com/?pgmarket=en-us&page=byoa/prem&ST=1
---------------------------------------------------------------------------
Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any
course! All of our class sizes are guaranteed to be 10 students or less.
We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention,
and many other technical hands on courses.
Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off
any course!
----------------------------------------------------------------------------
- Previous message: jburzenski_at_americanhm.com: "RE: Dumb question abt. Wireless WEP security"
- Next in thread: H Carvey: "Re: UDP Port 137 Question"
- Maybe reply: H Carvey: "Re: UDP Port 137 Question"
- Reply: JGrimshaw_at_ASAP.com: "Re: UDP Port 137 Question"
- Maybe reply: Jeff Friend: "Re: UDP Port 137 Question"
- Maybe reply: H Carvey: "Re: UDP Port 137 Question"
- Maybe reply: Mark A. Villanova: "RE: UDP Port 137 Question"
- Reply: JGrimshaw_at_ASAP.com: "Re: UDP Port 137 Question"
- Maybe reply: Darrell Porter: "RE: UDP Port 137 Question"
- Maybe reply: Darrell Porter: "RE: UDP Port 137 Question"
- Maybe reply: Patrick A. Middleton: "RE: UDP Port 137 Question"
- Maybe reply: John Smithson: "RE: UDP Port 137 Question"
- Maybe reply: Depp, Dennis M.: "RE: UDP Port 137 Question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
