Yeah we're all going to experience this problem for a while...there is a hacker tool that the author released to the public a few weeks ago that will scan a range of IP's trying to get in on port 137 (NetBios)...then to make matters worse someone else made something similar to worm in order to zombie some other machines to do the scranning for them.
>My firewall has logged a large upsurge in port 137 scans over the last couple of days. This evening, every 1 to 5 minutes, from a large and unique set of source IPs, with most source ports 1025 to 1030. Is anyone else seeing this?
>
>If it's not just me, it looks like a lot of hosts have been compromised and may be suborned into a massive search for other vulnerable systems. Port 137 is used by Windows NetBIOS/SMB file service so if you're purposely or inadvertently exposing this service to the Internet you might want to be extra vigilant.
>
>If you're not firewalled, if you're running Win9x, or if you're not sure of your status take a look at the ShieldsUp! test at
http://grc.com .
ICQ 10556 (ya), 254117