I have been scanned lightly since May 25th for that destination port from a number of addresses. I have not been hit since Saturday. Gary B At 04:02 PM 6/3/2002 -0500, Mike Hrubes wrote: >Since around noon today (CST), we've really been getting hammered with tcp >445. Interestingly, it appears to be a tool or worm doing the >scanning. All requests seem to follow the same basic format of ICMP, then >445, followed by nbname. The requests are coming from many many different >IPs, but are all directed at a single box on our network. > >Just curious if anyone else out there is seeing anything like this? > >Thanks! > >MH > >---------------------------------------------------------------------------- >This list is provided by the SecurityFocus ARIS analyzer service. >For more information on this free incident handling, management >and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Jun 04 2002 - 08:23:50 PDT