>My firewall has logged a large upsurge in port 137 scans over the last couple of days. This evening, every 1 to 5 minutes, from a large and unique set of source IPs, with most source ports 1025 to 1030. Is anyone else seeing this?
>
>If it's not just me, it looks like a lot of hosts have been compromised and may be suborned into a massive search for other vulnerable systems. Port 137 is used by Windows NetBIOS/SMB file service so if you're purposely or inadvertently exposing this service to the Internet you might want to be extra vigilant.
>
>If you're not firewalled, if you're running Win9x, or if you're not sure of your status take a look at the ShieldsUp! test at
http://grc.com .
http://www.sdesign.com/securitytest/win9xsecurity.htmlhttp://cable-dsl.home.att.net/netbios.htm
If it's not broken, fix it until it is.
My Blog