電腦領域 HKEPC Hardware - Powered by Discuz! Board

標題: 部機用 UDP 137 send 野出街？ [打印本頁]

作者: BB_HON 時間: 2013-6-4 13:50 標題: 部機用 UDP 137 send 野出街？

本帖最後由 BB_HON 於 2013-6-4 13:51 編輯

我今日係 Firewire log 發現左個 Network 有個 client 用 UDP 137 port send 一堆data 去幾個IP 的port 137
開幾後幾分鐘就無左
IP 好似來自一堆外國的 ISP (?)
係咪有古怪野？

OS: Windows 7 x64
Kaspersky Internet Security 2013 installed

Log from firewall

Jun/03/2013 11:15:18 firewall,info virus: in:bridge-local out:ether01-WAN, src-mac <CLIENT MAC>, proto UDP, 192.168.1.3:137->119.255.133.33:137, len 78
Jun/03/2013 11:15:20 firewall,info virus: in:bridge-local out:ether01-WAN, src-mac <CLIENT MAC>, proto UDP, 192.168.1.3:137->119.255.133.33:137, len 78
Jun/03/2013 11:15:21 firewall,info virus: in:bridge-local out:ether01-WAN, src-mac <CLIENT MAC>, proto UDP, 192.168.1.3:137->119.255.133.33:137, len 78
Jun/03/2013 11:15:23 firewall,info virus: in:bridge-local out:ether01-WAN, src-mac <CLIENT MAC>, proto UDP, 192.168.1.3:137->119.255.133.36:137, len 78
Jun/03/2013 11:15:24 firewall,info virus: in:bridge-local out:ether01-WAN, src-mac <CLIENT MAC>, proto UDP, 192.168.1.3:137->119.255.133.36:137, len 78
Jun/03/2013 11:15:26 firewall,info virus: in:bridge-local out:ether01-WAN, src-mac <CLIENT MAC>, proto UDP, 192.168.1.3:137->119.255.133.36:137, len 78
Jun/03/2013 11:15:28 firewall,info virus: in:bridge-local out:ether01-WAN, src-mac <CLIENT MAC>, proto UDP, 192.168.1.3:137->202.177.216.236:137, len 78
Jun/03/2013 11:15:30 firewall,info virus: in:bridge-local out:ether01-WAN, src-mac <CLIENT MAC>, proto UDP, 192.168.1.3:137->202.177.216.236:137, len 78
Jun/03/2013 11:15:31 firewall,info virus: in:bridge-local out:ether01-WAN, src-mac <CLIENT MAC>, proto UDP, 192.168.1.3:137->202.177.216.236:137, len 78
Jun/03/2013 11:15:33 firewall,info virus: in:bridge-local out:ether01-WAN, src-mac <CLIENT MAC>, proto UDP, 192.168.1.3:137->62.128.100.41:137, len 78
......

複製代碼

作者: a189252158 時間: 2013-6-4 19:30

中毒,掃毒

作者: BB_HON 時間: 2013-6-4 19:46

回復 2# a189252158

Kaspersky 話無事

作者: a189252158 時間: 2013-6-4 19:53

D程式上傳野

作者: BB_HON 時間: 2013-6-4 19:57

回復 4# a189252158

137-139 一早block 左，唔知有無用其他port 出走左

作者: TH30 時間: 2013-7-23 19:02

我今日係 Firewire log 發現左個 Network 有個 client 用 UDP 137 port send 一堆data 去幾個IP 的port 137 ...
BB_HON 發表於 2013-6-4 01:50 PM

port 137 好似係 NetBIOS，試試關左佢？
　　

作者: BB_HON 時間: 2013-7-23 21:50

回復 7# TH30

係 NetBIOS, 但係出左街呢

果部機最後重裝左，暫時見唔到亂send 野

作者: yuen021088 時間: 2013-8-14 18:56

提示: 作者被禁止或刪除內容自動屏蔽