Yup 139/tcp is netbios (used in network shares) and 1026/1027/udp is the Messenger service (not MSN, but the thing that pops up messages on your screen -- you might have seen it on some office networks when your print job has finished it tells you, etc, etc)...

Why are they open? If it's just email, just open port 25/tcp (smtp) and 110/tcp (if you wanna allow pop3 for outside)

people scanning for port 139 open I'd guess, which is Netbios I think :boggle:

basically scanning for open shares.

Port 139 shouldn't be in there, close it.

someone probably did an IP/port scan, or a worm is trying to access...as long as they were blocked i wouldnt worry about it mate :thumbs:

although do a lookup on ports 139, 1026( to 9) and see what uses them etc :)

where 192.168.0.99 is the server.

Right, im a bit worried about this, so i thought id ask for an opinion.
the network at work is behind a router, which has port forwarding on, just to go to one PC.
This one PC is an email server. The forwarding allows people to access the email server from home and read/write emails etc.
Just checking the logs on the router, there is way too much action going on, take a look:


Thu, 2005-02-03 15:33:37 - TCP Packet - Source:69.155.117.240,61641 Destination:192.168.0.99,139 - [Any(ALL) match]
Thu, 2005-02-03 15:33:37 - Send E-mail Success!
Thu, 2005-02-03 15:33:39 - TCP Packet - Source:69.155.117.240,4431 Destination:192.168.0.99,139 - [Any(ALL) match]
Thu, 2005-02-03 15:33:40 - TCP Packet - Source:216.146.70.114,3257 Destination:192.168.0.99,139 - [Any(ALL) match]
Thu, 2005-02-03 15:34:01 - TCP Packet - Source:69.155.117.240,1659 Destination:192.168.0.99,139 - [Any(ALL) match]
Thu, 2005-02-03 15:34:01 - TCP Packet - Source:69.155.117.240,60791 Destination:192.168.0.99,139 - [Any(ALL) match]
Thu, 2005-02-03 15:34:06 - TCP Packet - Source:69.155.117.240,1863 Destination:192.168.0.99,139 - [Any(ALL) match]
Thu, 2005-02-03 15:34:06 - TCP Packet - Source:69.155.117.240,61169 Destination:192.168.0.99,139 - [Any(ALL) match]
Thu, 2005-02-03 15:34:31 - UDP Packet - Source:212.59.3.94,1027 Destination:192.168.0.99,137 - [Any(ALL) match]
Thu, 2005-02-03 15:34:32 - TCP Packet - Source:212.59.3.94,3135 Destination:192.168.0.99,139 - [Any(ALL) match]
Thu, 2005-02-03 15:34:33 - TCP Packet - Source:69.155.117.240,3020 Destination:192.168.0.99,139 - [Any(ALL) match]
Thu, 2005-02-03 15:34:33 - TCP Packet - Source:69.155.117.240,61030 Destination:192.168.0.99,139 - [Any(ALL) match]
Thu, 2005-02-03 15:34:36 - TCP Packet - Source:69.155.117.240,3145 Destination:192.168.0.99,139 - [Any(ALL) match]
Thu, 2005-02-03 15:34:40 - TCP Packet - Source:69.155.117.240,3354 Destination:192.168.0.99,139 - [Any(ALL) match]
Thu, 2005-02-03 15:34:44 - UDP Packet - Source:66.238.253.123,34485 Destination:192.168.0.99,1027 - [Any(ALL) match]
Thu, 2005-02-03 15:34:44 - UDP Packet - Source:66.238.253.123,34485 Destination:192.168.0.99,1026 - [Any(ALL) match]
Thu, 2005-02-03 15:34:45 - TCP Packet - Source:69.155.117.240,3627 Destination:192.168.0.99,139 - [Any(ALL) match]
Thu, 2005-02-03 15:34:45 - TCP Packet - Source:69.155.117.240,61759 Destination:192.168.0.99,139 - [Any(ALL) match]
Thu, 2005-02-03 15:35:16 - TCP Packet - Source:69.155.117.240,1379 Destination:192.168.0.99,139 - [Any(ALL) match]
Thu, 2005-02-03 15:35:40 - TCP Packet - Source:193.77.138.184,39506 Destination:192.168.0.99,11061 - [Any(ALL) match]
Thu, 2005-02-03 15:35:42 - TCP Packet - Source:216.146.70.114,3505 Destination:192.168.0.99,139 - [Any(ALL) match]
Thu, 2005-02-03 15:36:06 - TCP Packet - Source:69.155.117.240,3212 Destination:192.168.0.99,139 - [Any(ALL) match]
Thu, 2005-02-03 15:36:06 - TCP Packet - Source:69.155.117.240,60117 Destination:192.168.0.99,139 - [Any(ALL) match]
Thu, 2005-02-03 15:36:08 - TCP Packet - Source:69.155.117.240,3452 Destination:192.168.0.99,139 - [Any(ALL) match]
Thu, 2005-02-03 15:36:08 - TCP Packet - Source:69.155.117.240,60474 Destination:192.168.0.99,139 - [Any(ALL) match]
Thu, 2005-02-03 15:36:10 - TCP Packet - Source:69.155.117.240,3565 Destination:192.168.0.99,139 - [Any(ALL) match]
Thu, 2005-02-03 15:36:10 - TCP Packet - Source:69.155.117.240,60586 Destination:192.168.0.99,139 - [Any(ALL) match]
Thu, 2005-02-03 15:36:14 - TCP Packet - Source:69.155.117.240,3728 Destination:192.168.0.99,139 - [Any(ALL) match]
Thu, 2005-02-03 15:36:14 - TCP Packet - Source:69.155.117.240,60817 Destination:192.168.0.99,139 - [Any(ALL) match]
Thu, 2005-02-03 15:36:46 - TCP Packet - Source:69.155.117.240,1164 Destination:192.168.0.99,139 - [Any(ALL) match]
Thu, 2005-02-03 15:36:46 - TCP Packet - Source:69.155.117.240,61846 Destination:192.168.0.99,139 - [Any(ALL) match]
Thu, 2005-02-03 15:36:47 - UDP Packet - Source:222.208.168.126,49702 Destination:192.168.0.99,1026 - [Any(ALL) match]
Thu, 2005-02-03 15:36:47 - UDP Packet - Source:222.208.168.126,46509 Destination:192.168.0.99,1026 - [Any(ALL) match]
Thu, 2005-02-03 15:36:47 - UDP Packet - Source:222.208.168.126,49574 Destination:192.168.0.99,1027 - [Any(ALL) match]
Thu, 2005-02-03 15:36:47 - UDP Packet - Source:222.208.168.126,46509 Destination:192.168.0.99,1027 - [Any(ALL) match]
Thu, 2005-02-03 15:37:04 - TCP Packet - Source:216.146.70.114,3505 Destination:192.168.0.99,139 - [Any(ALL) match]
Thu, 2005-02-03 15:37:05 - TCP Packet - Source:216.146.70.114,3655 Destination:192.168.0.99,139 - [Any(ALL) match]



Can anyone shed any light on this?
:-s