North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Port 139 scans

  • From: Henry R. Linneweh
  • Date: Thu Sep 28 10:44:37 2000

I am particularly concerned over this issue of these broadcasts
originating from Concentric.net, since I too a Concentric.net
user have been getting an increase of port 139 scans, then A
dialup port saturation and disconnect, even though CFW stops
the packet at the port.

Lets direct all traffic concerning this issue to Jim Tobias at concentric.net
[email protected] for a concerted effort to resolve the issue if it
Originates from a Concentric.net or Concentric.com network node.

2000/09/27 6:47:28 AM GMT -0700: Dial-Up Adapter [0000][Ref# 5] Blocking incoming TCP: src=206.173.248.146, dst=206.173.232.156, sport=2596, dport=139.

2000/09/27 9:33:26 PM GMT -0700: Dial-Up Adapter [0000][Ref# 5] Blocking incoming TCP: src=206.173.232.118, dst=206.173.232.204, sport=1638, dport=139.

Dana Hudes wrote:

> Yes but in the past few days activity has stepped up tremendously. Where my webserver, which uses Samba to communicate with my local desktop win98 machine (the latter is client, no shares exported) used to get once in a couple months an attempt on port 139 now I have 45 / day.
> Furthermore, they're overwhelmingly from customers of my upstream -- Concentric. A handful from @home and others. I reported this to Concentric with the log.smb file in the message. No response 3 days later.
>
> ----- Original Message -----
> From: "Randy Bush" <[email protected]>
> To: "John Fraizer" <[email protected]>
> Cc: <[email protected]>
> Sent: Thursday, September 28, 2000 1:40 AM
> Subject: Re: Port 139 scans
>
> >
> > >> Speaking of the internet and the way it operates, is anyone else seeing a
> > >> large number of random hosts scanning through their address space using TCP
> > >> on port 139?
> > > We have been seeing this for about 3 weeks now.
> >
> > s/weeks/years/
> >
> > randy

--

Thank you;
|--------------------------------|
| Thinking is a learned process. |
| ICANN member @large            |
| Gigabit over IP, ieee 802.17   |
|--------------------------------|
Henry R. Linneweh