My (Linux, see it's not OT) firewall is getting a major amount of scanning
activity on port 137, from hosts connecting from their port 137. A lot of
the connecting servers are web servers (of which a lot seem to be
unconfigured IIS, one was running Netscape Enterprise).
Among the unwelcomed visitors were somone from behind TheLinuxStore's
firewall, the American Museum of Natural History anthroplogy website, a
sixdegrees.com server, centaur.tau.ac.il, an oreilly.com server,
trace.jewishgen.org and more. All this started on Sunday.
Is there any reason why this port on particular should be accessed a lot, or
am I witnessing the next big Windows exploit?
--
Itamar S.T. [EMAIL PROTECTED]
"It don't get thingier than that!"
=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
