I've kind of been waiting for a spike in 445 scans for the past 12 months ... :) Windows 2000 Port Invites Intruders 26 Aug 2001, 6:14 PM CST http://www.pc-radio.com/Windows%202000%20Port%20Invites%20Intruders.htm Exploiting a hole in Windows 2000, a hacker says he penetrated Microsoft's corporate network earlier this month and had full access to hundreds of the company's computers. Brian At 02:49 PM 8/9/2002, Jim Harrison (SPG) wrote: >Any W2K or later OS from Microsoft (except maybe .NET server) installs >with that port open. >It's not specific to XP. It was added to W2K as a NetBIOS -135/139 >replacement. > >* Jim Harrison >MCP(NT4/2K), A+, Network+ >Services Platform Division > >The burden of proof is not satisfied by a lack of evidence to the >contrary.. > > > >-----Original Message----- >From: Thomas Cannon [mailto:tcannonat_private] >Sent: Friday, August 09, 2002 9:54 AM >To: Rob Keown >Cc: 'Russell Fulton'; incidentsat_private >Subject: RE: large scale distributed scan of port tcp 445 > > >On Thu, 8 Aug 2002, Rob Keown wrote: > > > That is MS-DS as I recall. I don't see anything in my logs but dshield > > > has the port with a huge spike of targets, with low sources on 7/28. > > http://isc.incidents.org/port_details.html?port=445 It was ranked 4th > > on that day. > > > > Cannot recall any exploits on this port or service. > > > > Anyone know of any exploits on this? > > >I didn't know any, but this might be something to consider, if nothing >else: > >http://www.sygate.com/alerts/XP_default_TCP445_open.htm > > >Cheers, > >-tcannon > > > > > > Rob Keown > > > > > > > > ---------------------------------------------------------------------- > > ------ > > This list is provided by the SecurityFocus ARIS analyzer service. > > For more information on this free incident handling, management > > and tracking system please see: http://aris.securityfocus.com > > > >"No brain, no headache" > > >------------------------------------------------------------------------ >---- >This list is provided by the SecurityFocus ARIS analyzer service. For >more information on this free incident handling, management >and tracking system please see: http://aris.securityfocus.com > > >---------------------------------------------------------------------------- >This list is provided by the SecurityFocus ARIS analyzer service. >For more information on this free incident handling, management >and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Aug 09 2002 - 13:36:44 PDT