RE: large scale distributed scan of port tcp 445

From: Jim Harrison (SPG) (jmharrat_private)
Date: Fri Aug 09 2002 - 10:10:58 PDT

  • Next message: Jim Harrison (SPG): "RE: large scale distributed scan of port tcp 445"

    Given the recent announcement of Windows API vulnerabilities, a sudden
    spike in TCP-445 scans isn't all that surprising.
    If you're blocking it, then IMHO, your only real concern is whether or
    not it's interfering with your bandwidth...
    
    * Jim Harrison 
    MCP(NT4/2K), A+, Network+
    Services Platform Division
    
    The burden of proof is not satisfied by a lack of evidence to the
    contrary..
    
    
    
    -----Original Message-----
    From: Rob Keown [mailto:Keownat_private] 
    Sent: Thursday, August 08, 2002 4:15 PM
    To: 'Russell Fulton'; incidentsat_private
    Subject: RE: large scale distributed scan of port tcp 445
    
    
    That is MS-DS as I recall. I don't see anything in my logs but dshield
    has the port with a huge spike of targets, with low sources on 7/28.
    http://isc.incidents.org/port_details.html?port=445 It was ranked 4th on
    that day.
    
    Cannot recall any exploits on this port or service.
    
    Anyone know of any exploits on this?
    
    Rob Keown
    
    
    
    ------------------------------------------------------------------------
    ----
    This list is provided by the SecurityFocus ARIS analyzer service. For
    more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Fri Aug 09 2002 - 12:04:47 PDT