Jim, I don't see the logic in your statement. The Win32 API vulnerabilities pertain to GDI...are you implying that the port 445 scans are intending to log into Win2K via Direct Host, and then perhaps inject some code that exploits the GDI issue?

--- "Jim Harrison (SPG)" <jmharrat_private> wrote:
> Given the recent announcement of Windows API vulnerabilities, a sudden
> spike in TCP-445 scans isn't all that surprising.
> If you're blocking it, then IMHO, your only real concern is whether or
> not it's interfering with your bandwidth...
>
> * Jim Harrison
> MCP(NT4/2K), A+, Network+
> Services Platform Division
>
> The burden of proof is not satisfied by a lack of evidence to the
> contrary..
>
> -----Original Message-----
> From: Rob Keown [mailto:Keownat_private]
> Sent: Thursday, August 08, 2002 4:15 PM
> To: 'Russell Fulton'; incidentsat_private
> Subject: RE: large scale distributed scan of port tcp 445
>
> That is MS-DS as I recall. I don't see anything in my logs but dshield
> has the port with a huge spike of targets, with low sources on 7/28.
> http://isc.incidents.org/port_details.html?port=445 It was ranked 4th on
> that day.
>
> Cannot recall any exploits on this port or service.
>
> Anyone know of any exploits on this?
>
> Rob Keown
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service. For
> more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Aug 09 2002 - 13:32:49 PDT