Yes, but in the past few days activity has stepped up tremendously. Where my webserver, which uses Samba to communicate with my local desktop win98 machine (the latter is client, no shares exported), used to get once in a couple months an attempt on port 139, now I have 45 / day. Furthermore, they're overwhelmingly from customers of my upstream -- Concentric. A handful from @home and others.

I reported this to Concentric with the log.smb file in the message. No response 3 days later.

----- Original Message -----
From: "Randy Bush" <randy@psg.com>
To: "John Fraizer" <nanog@EnterZone.Net>
Cc: <nanog@merit.edu>
Sent: Thursday, September 28, 2000 1:40 AM
Subject: Re: Port 139 scans

Speaking of the internet and the way it operates, is anyone else seeing a large number of random hosts scanning through their address space using TCP on port 139? We have been seeing this for about 3 weeks now.
s/weeks/years/
randy