My firewall has logged a large upsurge in port 137 scans over the last couple of days. This evening, every 1 to 5 minutes, from a large and unique set of source IPs, with most source ports 1025 to 1030. Is anyone else seeing this?
If it's not just me, it looks like a lot of hosts have been compromised and may be suborned into a massive search for other vulnerable systems. Port 137 is used by Windows NetBIOS/SMB file service so if you're purposely or inadvertently exposing this service to the Internet you might want to be extra vigilant.
If you're not firewalled, if you're running Win9x, or if you're not sure of your status take a look at the ShieldsUp! test at
http://grc.com .
Regards. Al
"Violence is the last refuge of the incompetent." -- Isaac Asimov
"Never let your sense of morals prevent you from doing what is right." -- Isaac Asimov
Neither a despot, nor a doormat, be
Every app wants to be a database app when it grows up
