General discussion

Locked

Internet worm?

By kashmeir63 ·
Hi,
I have a windows network.
I've noticed in the firewall log that, constantly on udp ports 137,138, something is going to the computers on the network and trying to get out through the internet. The only way the users can get onto the internet is with a password. I'm not sure exactly whats happening, but I believe this my some sort of a worm on the network. I've scanned all the computers and I have no virsus on the network. I'm not sure how to get rid of this. Any help would be appreciated.

This conversation is currently closed to new comments.

7 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by fjaramillo In reply to Internet worm?

Our firewall logs are full of scans on many ports including 137,138 and 139. Here's a good place to stay informed. Make sure that you can't access any resources from the outside such as network shares. (i.e \\servername\c$)
http://www.dshield.org/port_report.php

Nando

Collapse -

by kashmeir63 In reply to

Poster rated this answer.

Collapse -

by Joseph Moore In reply to Internet worm?

Ok, Windows is real chatty. You have to remember that.
Now, these port connection attempts on UDP ports 137 and 138 are Netbios Name requests. This is, as frightening as it may seem, normal.
Windows usually does this whenever you connect to a remote resource. Windows likes to do a NetBIOS name lookup when you go to websites, or send e-mail, or connect to a steaming MP3 radio station with Winamp, or chat with MSN Messenger. It is just the nature of the beast that is Windows!
I don't think it is a virus. You would really see other stuff (like port 135 requests, or port 139) if it was a common virus. And since your antivirus scans have come out clean, I think this also adds credence.
If you are really worried, then on a machine that does this, just install a sniffer, and have it sniff the traffic this machine sends out. You'll probably just see it do name requests packets to the websites it is going to.
Ethereal is a good sniffer that runs on Windows:
www.ethereal.com

Collapse -

by kashmeir63 In reply to

Poster rated this answer.

Collapse -

by EdLockett In reply to Internet worm?

I would also recommend using the shieldsUP! site, at www.grc.com . It will test the security of your internet connection.

Collapse -

by kashmeir63 In reply to

Poster rated this answer.

Collapse -

by kashmeir63 In reply to Internet worm?

This question was closed by the author

Back to Security Forum
7 total posts (Page 1 of 1)  

Related Discussions

Related Forums