RE: large scale distributed scan of port tcp 445

From: H C (keydet89at_private)
Date: Fri Aug 09 2002 - 13:20:25 PDT


    Jim,
    
    I don't see the logic in your statement.  The Win32
    API vulnerabilities pertain to GDI...are you implying
    that the port 445 scans are intending to log into
    Win2K via Direct Host, and then perhaps inject some
    code that exploits the GDI issue?
    
    
    --- "Jim Harrison (SPG)" <jmharrat_private> wrote:
    > Given the recent announcement of Windows API vulnerabilities, a sudden
    > spike in TCP-445 scans isn't all that surprising.
    > If you're blocking it, then IMHO, your only real concern is whether or
    > not it's interfering with your bandwidth...
    > 
    > * Jim Harrison 
    > MCP(NT4/2K), A+, Network+
    > Services Platform Division
    > 
    > The burden of proof is not satisfied by a lack of evidence to the
    > contrary..
    > 
    > 
    > 
    > -----Original Message-----
    > From: Rob Keown [mailto:Keownat_private] 
    > Sent: Thursday, August 08, 2002 4:15 PM
    > To: 'Russell Fulton'; incidentsat_private
    > Subject: RE: large scale distributed scan of port tcp 445
    > 
    > 
    > That is MS-DS as I recall. I don't see anything in my logs but dshield
    > has the port with a huge spike of targets, with low sources on 7/28.
    > http://isc.incidents.org/port_details.html?port=445
    > It was ranked 4th on that day.
    > 
    > Cannot recall any exploits on this port or service.
    > 
    > Anyone know of any exploits on this?
    > 
    > Rob Keown
    > 
    > 
    > 
    > ----------------------------------------------------------------------------
    > This list is provided by the SecurityFocus ARIS
    > analyzer service. For
    > more information on this free incident handling,
    > management 
    > and tracking system please see:
    > http://aris.securityfocus.com
    > 
    
    
    



    This archive was generated by hypermail 2b30 : Fri Aug 09 2002 - 13:32:49 PDT