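Machine sending stuff out to the Internet over UDP 137?

This post was last edited by BB_HON on 2013-6-4 13:51

Today I found in the firewall log that a client on the network was sending a bunch of data over UDP port 137 to port 137 of several IPs.
It stopped a few minutes after startup.
The IPs seem to come from a bunch of foreign ISPs (?)
Is something fishy going on?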


OS: Windows 7 x64
Kaspersky Internet Security 2013 installed

Log from firewall
  Jun/03/2013 11:15:18 firewall,info virus: in:bridge-local out:ether01-WAN, src-mac <CLIENT MAC>, proto UDP, 192.168.1.3:137->119.255.133.33:137, len 78
  Jun/03/2013 11:15:20 firewall,info virus: in:bridge-local out:ether01-WAN, src-mac <CLIENT MAC>, proto UDP, 192.168.1.3:137->119.255.133.33:137, len 78
  Jun/03/2013 11:15:21 firewall,info virus: in:bridge-local out:ether01-WAN, src-mac <CLIENT MAC>, proto UDP, 192.168.1.3:137->119.255.133.33:137, len 78
  Jun/03/2013 11:15:23 firewall,info virus: in:bridge-local out:ether01-WAN, src-mac <CLIENT MAC>, proto UDP, 192.168.1.3:137->119.255.133.36:137, len 78
  Jun/03/2013 11:15:24 firewall,info virus: in:bridge-local out:ether01-WAN, src-mac <CLIENT MAC>, proto UDP, 192.168.1.3:137->119.255.133.36:137, len 78
  Jun/03/2013 11:15:26 firewall,info virus: in:bridge-local out:ether01-WAN, src-mac <CLIENT MAC>, proto UDP, 192.168.1.3:137->119.255.133.36:137, len 78
  Jun/03/2013 11:15:28 firewall,info virus: in:bridge-local out:ether01-WAN, src-mac <CLIENT MAC>, proto UDP, 192.168.1.3:137->202.177.216.236:137, len 78
  Jun/03/2013 11:15:30 firewall,info virus: in:bridge-local out:ether01-WAN, src-mac <CLIENT MAC>, proto UDP, 192.168.1.3:137->202.177.216.236:137, len 78
  Jun/03/2013 11:15:31 firewall,info virus: in:bridge-local out:ether01-WAN, src-mac <CLIENT MAC>, proto UDP, 192.168.1.3:137->202.177.216.236:137, len 78
  Jun/03/2013 11:15:33 firewall,info virus: in:bridge-local out:ether01-WAN, src-mac <CLIENT MAC>, proto UDP, 192.168.1.3:137->62.128.100.41:137, len 78
  ......

It's infected, run a virus scan.


Reply to 2# a189252158

Kaspersky says nothing is wrong.


Some program is uploading stuff.


Reply to 4# a189252158

137-139 were blocked long ago; I don't know whether it got out through other ports.


Today I found in the firewall log that a client on the network was sending a bunch of data over UDP port 137 to port 137 of several IPs ...
BB_HON posted on 2013-6-4 01:50 PM


Port 137 seems to be NetBIOS, try turning it off?


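Reply to 7# TH30

It is NetBIOS, but it went out to the Internet.
That machine ended up being reinstalled; for now I don't see it sending stuff at random.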
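
As an added example (not part of the original thread or any poster's code): a short Python check that reads firewall log lines in the format posted above and reports NetBIOS traffic (ports 137-139) from LAN hosts to public addresses. The function name `netbios_leaving_lan` and the last two sample lines are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Flow part of the log format quoted in the thread, e.g.
#   "proto UDP, 192.168.1.3:137->119.255.133.33:137, len 78"
FLOW_RE = re.compile(
    r"proto (?P<proto>\w+), (?P<src>[\d.]+):(?P<sport>\d+)->"
    r"(?P<dst>[\d.]+):(?P<dport>\d+), len (?P<len>\d+)"
)
NETBIOS_PORTS = {137, 138, 139}  # name service, datagram, session


def netbios_leaving_lan(lines):
    """Return {src_ip: {dst_ip: packet_count}} for NetBIOS packets whose
    destination is a globally routable address (hypothetical helper)."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = FLOW_RE.search(line)
        if not m or int(m["dport"]) not in NETBIOS_PORTS:
            continue
        try:
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # malformed address in the log line
        # NetBIOS is meant for the local network; a public destination is the anomaly.
        if dst.is_global:
            hits[m["src"]][m["dst"]] += 1
    return {src: dict(dsts) for src, dsts in hits.items()}


# Constructed sample input: the first three flows are taken from the thread's
# log, the last two are made up (a LAN broadcast and an ordinary DNS query).
PREFIX = ("Jun/03/2013 11:15:18 firewall,info virus: in:bridge-local "
          "out:ether01-WAN, src-mac <CLIENT MAC>, ")
SAMPLE = [
    PREFIX + "proto UDP, 192.168.1.3:137->119.255.133.33:137, len 78",
    PREFIX + "proto UDP, 192.168.1.3:137->119.255.133.33:137, len 78",
    PREFIX + "proto UDP, 192.168.1.3:137->202.177.216.236:137, len 78",
    PREFIX + "proto UDP, 192.168.1.3:137->192.168.1.255:137, len 78",
    PREFIX + "proto UDP, 192.168.1.3:50000->8.8.8.8:53, len 60",
]

if __name__ == "__main__":
    for src, dsts in netbios_leaving_lan(SAMPLE).items():
        print(f"{src}: NetBIOS to {len(dsts)} public host(s): {dsts}")
```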