Given the recent announcement of Windows API vulnerabilities, a sudden spike in TCP-445 scans isn't all that surprising. If you're blocking it, then IMHO, your only real concern is whether or not it's interfering with your bandwidth... * Jim Harrison MCP(NT4/2K), A+, Network+ Services Platform Division The burden of proof is not satisfied by a lack of evidence to the contrary.. -----Original Message----- From: Rob Keown [mailto:Keownat_private] Sent: Thursday, August 08, 2002 4:15 PM To: 'Russell Fulton'; incidentsat_private Subject: RE: large scale distributed scan of port tcp 445 That is MS-DS as I recall. I don't see anything in my logs but dshield has the port with a huge spike of targets, with low sources on 7/28. http://isc.incidents.org/port_details.html?port=445 It was ranked 4th on that day. Cannot recall any exploits on this port or service. Anyone know of any exploits on this? Rob Keown ------------------------------------------------------------------------ ---- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Aug 09 2002 - 12:04:47 PDT