Port Details - Port 139

Jan 10 2,250 Jan 11 2,554 Jan 12 2,516 Jan 13 2,335 Jan 14 2,367 Jan 15 1,586 Jan 16 2,070 Jan 17 1,832 Jan 18 2,186 Jan 19 1,797 Jan 20 1,597 Jan 21 1,546 Jan 22 1,579 Jan 23 1,459 Jan 24 1,577 Jan 25 1,828 Jan 26 1,853 Jan 27 1,778 Jan 28 1,762 Jan 29 1,622 Jan 30 1,510 Jan 31 1,476 Feb 01 1,822 Feb 02 1,634 Feb 03 1,674 Feb 04 1,679 Feb 05 1,754 Feb 06 1,602 Feb 07 1,528 Feb 08 1,638 Feb 09 635 Jan 10 19,149 Jan 11 20,561 Jan 12 21,750 Jan 13 22,369 Jan 14 21,843 Jan 15 70,567 Jan 16 23,377 Jan 17 21,572 Jan 18 23,016 Jan 19 25,578 Jan 20 20,294 Jan 21 20,362 Jan 22 17,800 Jan 23 21,834 Jan 24 19,791 Jan 25 17,860 Jan 26 22,670 Jan 27 19,851 Jan 28 22,537 Jan 29 37,997 Jan 30 19,596 Jan 31 19,936 Feb 01 22,904 Feb 02 25,748 Feb 03 24,042 Feb 04 18,802 Feb 05 20,828 Feb 06 18,953 Feb 07 23,666 Feb 08 72,507 Feb 09 12,239
[show ascii data]
  • Start Date:
  • End Date:
  • Port:
  • Left Graph:
  • Right Graph:
  • Show Range:Yes No

Port Information

ProtocolServiceName
udpnetbios-ssnNETBIOS Session Service
tcpnetbios-ssnNETBIOS Session Service
tcpSMBRelay[trojan] SMB Relay
tcpSadmind[trojan] Sadmind
tcpQaz[trojan] Qaz
tcpNetwork[trojan] Network
tcpNetlog[trojan] Netlog
tcpMsinit[trojan] Msinit
tcpGodMessageworm[trojan] God Message worm
tcpChode[trojan] Chode
[get complete service list]

User Comment

Submitted ByDate
Comment
Marcus H. Sachs, SANS Institute2003-10-10 00:35:06
SANS Top-20 Entry: W5 Windows Remote Access Services http://isc.sans.org/top20.html#w5 NETBIOS -- Unprotected Windows Networking Shares Microsoft Windows provides a host machine with the ability to share files or folders across a network with other hosts through Windows network shares. The underlying mechanism of this feature is the Server Message Block (SMB) protocol, or the Common Internet File System (CIFS). These protocols permit a host to manipulate remote files just as if they were local. Although this is a powerful and useful feature of Windows, improper configuration of network shares may expose critical system files or may provide a mechanism for a nefarious user or program to take full control of the host. One of the ways in which I-Worm.Klez.a-h (Klez Family) worm, Sircam virus (see CERT Advisory 2001-22) and Nimda worm (see CERT Advisory 2001-26) spread so rapidly in 2001 was by discovering unprotected network shares and placing copies of themselves in them. Many computer owners unknowingly open their systems to hackers when they try to improve convenience for co-workers and outside researchers by making their drives readable and writeable by network users. But when care is taken to ensure proper configuration of network shares, the risks of compromise can be adequately mitigated.
Add a comment

CVE Links

CVE #Description
CVE-1999-182 "Samba has a buffer overflow which allows a remote attacker to obtain root access by specifying a long password."
CVE-2000-347 "Windows 95 and Windows 98 allow a remote attacker to cause a denial of service via a NetBIOS session request packet with a NULL source name."
CVE-2000-1081 "The xp_displayparamstmt function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP)
CVE-2000-1082 "The xp_enumresultset function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP)
CVE-2000-1083 "The xp_showcolv function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP)
CVE-2000-1084 "The xp_updatecolvbm function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP)
CVE-2000-1085 "The xp_peekqueue function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP)
CVE-2000-1086 "The xp_printstatements function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP)
CVE-2000-1087 "The xp_proxiedmetadata function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP)
CVE-2000-1088 "The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP)
CVE-2001-542 "Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror
CVE-2002-642 "The registry key containing the SQL Server service account information in Microsoft SQL Server 2000
CVE-2002-724 "Buffer overflow in SMB (Server Message Block) protocol in Microsoft Windows NT
CVE-2003-201 "Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a
CVE-2003-533 "Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a
CVE-2003-812 "Stack-based buffer overflow in a logging function for Windows Workstation Service (WKSSVC.DLL) allows remote attackers to execute arbitrary code via RPC calls that cause long entries to be written to a debug log file (""NetSetup.LOG"")
CVE-2003-813 "A multi-threaded race condition in the Windows RPC DCOM functionality with the MS03-039 patch installed allows remote attackers to cause a denial of service (crash or reboot) by causing two threads to process the same RPC request
CVE-2003-818 "Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL)
CVE-2004-1154 "Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow."