Re: Sudden torrent of ZoneAlarm alerts re: UDP port 137 - Any ideas?

Date: 09/30/02


Date: Mon, 30 Sep 2002 01:16:01 GMT

Hello All,
        The port 137 UDP attempts are being reported by many others in
different NGs. I'm seeing the same thing in my logs also. I'm seeing a
range of source ports from 1024 to 1028 and 1 on 1032. I am also getting
some from my own domain and also a lot from Asia. This started Saturday
morning and has picked up since. Here is a link to some info on the rise
of Port 137 scans:
http://isc.incidents.org/
"2002-Sep-29... current status: green Yet another mod_ssl worm (analysis
coming soon). Scans for port 137 on the rise." Quoted from Internet
Storm Center.
Regards,
Tie Dye

"JMSteele" <jmsteele@qwest.net> wrote in message
news:73d56acc.0209291549.6ac620f@posting.google.com...
> In the past 72 hours I've received a near constant (we're talking
> hundreds) stream of ZA alerts regarding attempts to access UDP port
> 137. While many of these are repeat scanning attempts originating from
> a handful of IPs from within my own qwest.net domain, most are from
> unique IPs from domains all over the globe. Almost all of the source
> IPs are using port 1025 or 1026.
>
> I've had this account and operated ZoneAlarm for well over a year and
> this has never happened previously. Ran Trojan Remover and found
> nothing, but still can't help but be paranoid.
>
> Any ideas on what this might be?
>
> Thanks
