After upgrading to to latest VisualZone 5.7 I checked my log files for the last few days. I have numberous hits on target 137. About two days of solid hits. Anyone know what this is?

Bob /images/forums/icons/smile.gif

Hi Bob, I'm glad to see someone has noticed this too! I thought I had the latest version VZ 5.7.0.2909 But I tell you if I took the hits for port 137 out of my log I would only have a few left. The VZ site say that its the bugbear virus & others read below
---------------------------------------------------------------------------------------------
Increase in port 137 probes
==================
Tuesday, October 1, 2002

Many users have noticed an enormous increase in port 137 probes in their logs since September 27th. At the moment this increase is being contributed to the 'Bugbear/Tanatos' virus and the 'Opaserv/Scrup' worm.
---------------------------------------------------------------------------------------------
All the hits get annoying on Zone Alarm popup so I turned it off (only the allert that is) but I still get that friendly knock knock sound that VZ does, at least you don't need to close a window though. . .
Surely others have noticed the increase in port 137 hits. Here's where to look c:\Windows\Internet Logs


<font color=blue>&gt;&gt;Hally&lt;&lt;
&gt;&gt;&gt;/images/forums/icons/laugh.gif&lt;&lt;&lt;</font color=blue>

Hally, I have both the alert and alarm shut off. I'm just letting it do it's thing but I check the logs every couple of days. These constant hits will drive you nuts /images/forums/icons/crazy.gif. This bugbear is a nasty one.

Bob

Yes Bob you're right about Bugbear, I've met him personaly in my OE email inbox attached to a email, but I'm so lucky my Vet Anti Virus allerted me. Now there's an allert you don't wanna turn off /images/forums/icons/crazy.gif I'm also thankfull that I get all the AV data updates, because as you'd know Bob your Anti Virus is only as good as its last update ha ha


<font color=blue>&gt;&gt;Hally&lt;&lt;
&gt;&gt;&gt;/images/forums/icons/laugh.gif&lt;&lt;&lt;</font color=blue>

I am still being pounded with hits to port 137. Could someone please explain what this is all about. This can't be good. Doesn't anyone else use VisualZone?

Bob /images/forums/icons/smile.gif

Howdy Bob those 137 hits are getting me like mad /images/forums/icons/crazy.gif we all know its the bugbear virus etc but when will they stop. . . I got 200 hits in one 5hr session the other day, but now it has gone to 50 in a 5hr session phew lets hope it dwindles even more Bob

Bye 4 Now




<font color=blue>&gt;&gt;Hally&lt;&lt;
&gt;&gt;&gt;/images/forums/icons/laugh.gif&lt;&lt;&lt;</font color=blue>

I guess we'll have to wait until this particular virus passes. If we didn't have this firewall how far could these pings actually go. I talk to people all the time that are completely oblivious to antivirus programs and upgrades. Most feel the OEM McAfee ect. that came with their new machine two years ago is still working. That's how the virus' spread so easily.

Bob

Man can you believe some people don't run any Anti Vrus program at all /images/forums/icons/crazy.gif kind of silly if you ask me, but like you said Bob I've heard people talking as well & they have no idea about updated data for their AV's I guess its just a matter of time for them. .

Then on the other hand Bob I was reading on another forum <a target="_blank" href=http://www.spywareinfo.com/yabbse/index.php>SpywareInfo</a> that a couple are using two Anti Virus Programs at once, can you believe it. I was stunned /images/forums/icons/shocked.gif but apparently you can do it, one has to be running in the background otherwise they cause problems one sets the other one off with false alarms all the time. . . I'll stick with one I think /images/forums/icons/wink.gif its done well for me

Bye All


<font color=blue>&gt;&gt;Hally&lt;&lt;
&gt;&gt;&gt;/images/forums/icons/laugh.gif&lt;&lt;&lt;</font color=blue>

Hally, I use McAfee as my AV running program but I do online scans also with Symantec and Housecalls just to get other opinions. As far as running two AV's on one system, I don't think so. I have enough resourses being used up already.

Bob /images/forums/icons/smile.gif

Quote: <font color=blue>I have enough resourses being used up already</font color=blue>

That exactly what I reckon. . . . those guys must have heaps of memory, but I don't

Bye mate


<font color=blue>&gt;&gt;Hally&lt;&lt;
&gt;&gt;&gt;/images/forums/icons/laugh.gif&lt;&lt;&lt;</font color=blue>

Hello there, well it's been over a month since I first reported hits to target 137. There is one thing that I notice that I failed to mention. VisualZone is a utility for reading and identifying hits blocked by the firewall software, ZoneAlarm. The target 137 should have been identified as port 137. I am still being flooded by hits every minute or so. If you aren't using the VisualZone utility you can find the logs in C\windows\internet logs\ZALog.

If Hally or anyone else who sees this post is still being hammered by these hits to port 137 please let me know. I would like to try to figure this one out.

Bob
<a target="_blank" href=http://www.visualizesoftware.com/>http://www.visualizesoftware.com/</a>

Hi Bob,
Hows it going? I am being hammered by this port 137 thing still now! just this morning in a couple of hours I reckon I'v had 30+ hits. Its not good mate is it, I am pee'd off as well but we can do "Squat" below is what the Port List <a target="_blank" href=http://www.neohapsis.com/neolabs/neo-ports/neo-ports.html>Site</a> say's about port 137. . . it doesn't say anything about Bugbear or any other viruses

Port-----Protocol-----Keyword--------Description

<font color=blue>137-----------tcp----------netbios-ns---------NETBIOS Name Service</font color=blue>

What can we do Bob any idea's



<font color=blue>&gt;&gt;Hally&lt;&lt;
&gt;&gt;&gt;/images/forums/icons/laugh.gif&lt;&lt;&lt;</font color=blue>

Hally & Bob,

Here's an interesting article by Steve Gibson called His site, <a target="_blank" href=http://www.grc.com>www.grc.com (http://grc.com/su-evilportmon.htm>Evil), is a great place to learn about computer security.

I know both you gentlemen are already aware of this site, but for interested readers, another good Security site is analogy (http://www.wilders.org/>Wilders</a>.)[/b] of what a Firewall is and what it can/can't do.

Happy Port 137 scaning!
Nana /images/forums/icons/smile.gif

Hi Hally, this is bugging the heck out of me also. I have no ideas but maybe some of the others might.

Nana, I will check out your links when I get home from work tonight. I'll get get back to you at that time. Thanks,

Bob

Thanks Nana, there's alot of good reading here. I did some searching in google myself for "port 137" and came up with alot of information. Here's one that I particularly liked;

<a target="_blank" href=http://www.dshield.org/ports/port137.html>http://www.dshield.org/ports/port137.html</a>

Well I'm back to those links

Bob/images/forums/icons/smile.gif

Haley & Bob

I used to use Zone Alarm & I noticed that I was getting Netbios Name scans(50 or so in 5 hours). I used to get maybe 5 a day, but for the last 3 months or so it really has increased.
I did a little reasearch & found out that the script kiddies & hackers have found a expolit in Windows98 OS in the Netbios Name & Session(Microsoft knows about it but doesn't have any plans for a patch....great hah!). I stopped using ZA & started using Norton Personal Firewall 2003 & the scans stopped(I don't why), I then went to GRC to use Shields Up & Port Scan without a firewall & everything on my computer is closed.....So the only I could think of is that the script kiddies & hackers have found a way around ZA or that ZA is the cause by allowing Netbios broadcasting over the net.

I hope this helps

Haley & Bob

I used to use Zone Alarm & I noticed that I was getting Netbios Name scans(50 or so in 5 hours). I used to get maybe 5 a day, but for the last 3 months or so it really has increased.
I did a little reasearch & found out that the script kiddies & hackers have found a expolit in Windows98 OS in the Netbios Name & Session(Microsoft knows about it but doesn't have any plans for a patch....great hah!). I stopped using ZA & started using Norton Personal Firewall 2003 & the scans stopped(I don't why), I then went to GRC to use Shields Up & Port Scan without a firewall & everything on my computer is closed.....So the only I could think of is that the script kiddies & hackers have found a way around ZA or that ZA is the cause by allowing Netbios broadcasting over the net.

I hope this helps

Bob,

Thank you for that site. I read it and went to the Cable Modem Help site it had as a link. From there I ran one of their tests. Not good! Time for some housekeeping and renovations, I think.

Nana /images/forums/icons/smile.gif

Hi Psychoboy, That is some pretty interesting information you found there. It all sounds as good as anything I've heard yet. One noticable thing is that you stopped the hits when you changed to Norton. I started getting the hits when I upgraded to ZA 3.1.291.

I hear Microsoft is dumping its upgrades for W98. That might be the cause of their lack of interest.

Nana, I also failed that test. I reset all my TCP/IP bindings setting and passed that test but it made no difference on the hits to my firewall.

Bob