The event data below shows a single source IP sequentially scanning several dozen target IP addresses, looking for systems running Microsoft Networking. The target IP range is protected by a firewall that participates in the myNetWatchman dIDS system.
As you will soon see, this is a great example of how what appears to be a few stray NetBIOS probes (what some call Internet "noise") is anything but.
Note: Source and target IP addresses are obfuscated to protect the identities of their respective owners.
AttackDatetime           SourceIP         TargetIP        ProtocolID  Destport
-----------------------  ---------------  --------------  ----------  --------
2002-08-27 17:22:38.000  107.xxx.xxx.xxx  xxx.xxx.28.13   6           139
2002-08-27 17:22:38.000  107.xxx.xxx.xxx  xxx.xxx.28.13   6           139
2002-08-27 17:22:40.000  107.xxx.xxx.xxx  xxx.xxx.28.15   6           139
2002-08-27 17:22:49.000  107.xxx.xxx.xxx  xxx.xxx.28.15   6           139
2002-08-27 17:22:40.000  107.xxx.xxx.xxx  xxx.xxx.28.15   6           139
2002-08-27 17:23:15.000  107.xxx.xxx.xxx  xxx.xxx.28.26   6           139
2002-08-27 17:23:15.000  107.xxx.xxx.xxx  xxx.xxx.28.26   6           139
2002-08-27 17:23:15.000  107.xxx.xxx.xxx  xxx.xxx.28.33   6           139
2002-08-27 17:23:15.000  107.xxx.xxx.xxx  xxx.xxx.28.33   6           139
2002-08-27 17:24:48.000  107.xxx.xxx.xxx  xxx.xxx.28.103  6           139
2002-08-27 17:24:48.000  107.xxx.xxx.xxx  xxx.xxx.28.103  6           139
2002-08-27 17:24:48.000  107.xxx.xxx.xxx  xxx.xxx.28.104  6           139
2002-08-27 17:24:48.000  107.xxx.xxx.xxx  xxx.xxx.28.104  6           139
2002-08-27 17:24:50.000  107.xxx.xxx.xxx  xxx.xxx.28.114  6           139
2002-08-27 17:25:07.000  107.xxx.xxx.xxx  xxx.xxx.28.116  6           139
2002-08-27 17:25:06.000  107.xxx.xxx.xxx  xxx.xxx.28.116  6           139
2002-08-27 17:25:07.000  107.xxx.xxx.xxx  xxx.xxx.28.120  6           139
2002-08-27 17:25:07.000  107.xxx.xxx.xxx  xxx.xxx.28.120  6           139
2002-08-27 17:25:26.000  107.xxx.xxx.xxx  xxx.xxx.28.131  6           139
2002-08-27 17:25:35.000  107.xxx.xxx.xxx  xxx.xxx.28.131  6           139
2002-08-27 17:25:32.000  107.xxx.xxx.xxx  xxx.xxx.28.134  6           139
2002-08-27 17:25:29.000  107.xxx.xxx.xxx  xxx.xxx.28.134  6           139
2002-08-27 17:25:30.000  107.xxx.xxx.xxx  xxx.xxx.28.135  6           139
2002-08-27 17:25:31.000  107.xxx.xxx.xxx  xxx.xxx.28.136  6           139
2002-08-27 17:25:44.000  107.xxx.xxx.xxx  xxx.xxx.28.137  6           139
2002-08-27 17:25:44.000  107.xxx.xxx.xxx  xxx.xxx.28.138  6           139
2002-08-27 17:25:44.000  107.xxx.xxx.xxx  xxx.xxx.28.138  6           139
2002-08-27 17:25:44.000  107.xxx.xxx.xxx  xxx.xxx.28.140  6           139
2002-08-27 17:25:47.000  107.xxx.xxx.xxx  xxx.xxx.28.141  6           139
2002-08-27 17:26:02.000  107.xxx.xxx.xxx  xxx.xxx.28.145  6           139
2002-08-27 18:26:55.000  107.xxx.xxx.xxx  xxx.xxx.28.145  6           139
2002-08-27 17:26:05.000  107.xxx.xxx.xxx  xxx.xxx.28.147  6           139
2002-08-27 17:26:05.000  107.xxx.xxx.xxx  xxx.xxx.28.147  6           139
2002-08-27 17:26:06.000  107.xxx.xxx.xxx  xxx.xxx.28.148  6           139
2002-08-27 18:26:12.000  107.xxx.xxx.xxx  xxx.xxx.28.148  6           139
2002-08-27 17:26:05.000  107.xxx.xxx.xxx  xxx.xxx.28.149  6           139
2002-08-27 17:26:05.000  107.xxx.xxx.xxx  xxx.xxx.28.149  6           139
2002-08-27 17:26:06.000  107.xxx.xxx.xxx  xxx.xxx.28.150  6           139
2002-08-27 17:26:22.000  107.xxx.xxx.xxx  xxx.xxx.28.151  6           139
2002-08-27 17:26:24.000  107.xxx.xxx.xxx  xxx.xxx.28.151  6           139
2002-08-27 17:26:31.000  107.xxx.xxx.xxx  xxx.xxx.28.151  6           139
2002-08-27 17:26:21.000  107.xxx.xxx.xxx  xxx.xxx.28.152  6           139
2002-08-27 17:26:21.000  107.xxx.xxx.xxx  xxx.xxx.28.152  6           139
2002-08-27 17:26:33.000  107.xxx.xxx.xxx  xxx.xxx.28.155  6           139
2002-08-27 17:26:24.000  107.xxx.xxx.xxx  xxx.xxx.28.155  6           139
2002-08-27 17:26:27.000  107.xxx.xxx.xxx  xxx.xxx.28.157  6           139
2002-08-27 17:26:36.000  107.xxx.xxx.xxx  xxx.xxx.28.157  6           139
2002-08-27 17:26:27.000  107.xxx.xxx.xxx  xxx.xxx.28.157  6           139
2002-08-27 17:27:17.000  107.xxx.xxx.xxx  xxx.xxx.28.201  6           139
2002-08-27 17:27:16.000  107.xxx.xxx.xxx  xxx.xxx.28.201  6           139
2002-08-27 16:27:21.000  107.xxx.xxx.xxx  xxx.xxx.28.202  6           139
2002-08-27 17:27:16.000  107.xxx.xxx.xxx  xxx.xxx.28.202  6           139
2002-08-27 17:27:17.000  107.xxx.xxx.xxx  xxx.xxx.28.204  6           139
2002-08-27 17:27:16.000  107.xxx.xxx.xxx  xxx.xxx.28.204  6           139
2002-08-27 17:27:19.000  107.xxx.xxx.xxx  xxx.xxx.28.204  6           139
2002-08-27 17:27:16.000  107.xxx.xxx.xxx  xxx.xxx.28.205  6           139
2002-08-27 17:27:17.000  107.xxx.xxx.xxx  xxx.xxx.28.205  6           139
2002-08-27 17:27:18.000  107.xxx.xxx.xxx  xxx.xxx.28.210  6           139
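
The pattern in the event data above (one source, one destination port, many distinct targets in a short span) can be flagged mechanically from firewall events in this column layout. The following is an added example, not part of the original page or of myNetWatchman's software; the function names, the threshold of 5 targets, the 10-minute window and the sample rows are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample in the page's column layout (RFC 5737 example addresses).
SAMPLE = """\
AttackDatetime SourceIP TargetIP ProtocolID Destport
2002-08-27 17:22:38.000 192.0.2.77 198.51.100.13 6 139
2002-08-27 17:22:38.000 192.0.2.77 198.51.100.13 6 139
2002-08-27 17:23:15.000 192.0.2.77 198.51.100.26 6 139
2002-08-27 17:22:40.000 192.0.2.77 198.51.100.15 6 139
2002-08-27 17:23:15.000 192.0.2.77 198.51.100.33 6 139
2002-08-27 17:24:48.000 192.0.2.77 198.51.100.103 6 139
2002-08-27 17:01:00.000 203.0.113.5 198.51.100.13 6 139
2002-08-27 17:01:03.000 203.0.113.5 198.51.100.13 6 139
2002-08-27 09:00:00.000 203.0.113.9 198.51.100.13 6 139
2002-08-27 11:00:00.000 203.0.113.9 198.51.100.15 6 139
2002-08-27 13:00:00.000 203.0.113.9 198.51.100.26 6 139
2002-08-27 15:00:00.000 203.0.113.9 198.51.100.33 6 139
2002-08-27 17:00:00.000 203.0.113.9 198.51.100.103 6 139
"""

def parse(text):
    """Yield (time, src, dst, proto, port); skip header and malformed rows."""
    for line in text.splitlines():
        f = line.split()
        try:
            ts = datetime.strptime(" ".join(f[:2]), "%Y-%m-%d %H:%M:%S.%f")
            yield ts, f[2], f[3], int(f[4]), int(f[5])
        except (ValueError, IndexError):
            continue

def horizontal_scans(events, min_targets=5, window_min=10):
    """Map (src, proto, port) to targets seen in windows that reached min_targets."""
    by_key = defaultdict(list)
    for ts, src, dst, proto, port in events:
        by_key[(src, proto, port)].append((ts, dst))
    found, window = {}, timedelta(minutes=window_min)
    for key, hits in by_key.items():
        hits.sort()  # sensors may report events out of order
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1
            targets = {dst for _, dst in hits[start:end + 1]}
            if len(targets) >= min_targets:  # repeats to one target count once
                found.setdefault(key, set()).update(targets)
    return found

if __name__ == "__main__":
    print({k: len(v) for k, v in horizontal_scans(parse(SAMPLE)).items()})
```

Counting distinct targets rather than raw events keeps repeated connection attempts to a single host from tripping the rule, and widening `window_min` trades more sensitivity to slow scans for more false positives.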