I get many, many connection attempts (several per hour) to my small server where a connection is attempted on port 137/UDP, followed 10-20 seconds later by one or more attempts to connect on 1025/UDP and 1026/UDP These come from locations all over the world, and are coming at all times of the day, including when our office is empty in the middle of the night. Our server only provides internal NAT-based internet sharing, we are not hosting a web site or any other inernet services. A typical sequence (from a Tiny Software Personal Firewall log) is:
In UDP, 67.192.193.215:1071->localhost:137 In UDP, 67.192.193.215:137->localhost:1026 In UDP, 67.192.193.215:137->localhost:1025 In UDP, 67.192.193.215:137->localhost:1026 In UDP, 67.192.193.215:137->localhost:1025 In UDP, 67.192.193.215:137->localhost:1026 I am trying to compile a report on the level of potentially hostile probing that is being done to our internet connection. Is this legitimate traffic? What exactly is it, and what software is producing it? I realize it is NetBIOS related. +----------------+ Kent James [EMAIL PROTECTED] +----------------+
