RE: large scale distributed scan of port tcp 445

From: Beau Monday (bmondayat_private)
Date: Fri Aug 09 2002 - 12:47:02 PDT

    I can confirm that this port is open on a default installation of .NET
    Standard Server.
    
    Regards
    Beau Monday, MCSE CCNA GSEC
    AT&T Wireless Services
    
    
    -----Original Message-----
    From: Jim Harrison (SPG) [mailto:jmharrat_private] 
    Sent: Friday, August 09, 2002 11:50 AM
    To: Thomas Cannon; Rob Keown
    Cc: Russell Fulton; incidentsat_private
    Subject: RE: large scale distributed scan of port tcp 445
    
    Any W2K or later OS from Microsoft (except maybe .NET server) installs
    with that port open.
    It's not specific to XP.  It was added to W2K as a NetBIOS -135/139
    replacement.
    
    * Jim Harrison 
    MCP(NT4/2K), A+, Network+
    Services Platform Division
    
    The burden of proof is not satisfied by a lack of evidence to the
    contrary..
    
    
    
    -----Original Message-----
    From: Thomas Cannon [mailto:tcannonat_private] 
    Sent: Friday, August 09, 2002 9:54 AM
    To: Rob Keown
    Cc: 'Russell Fulton'; incidentsat_private
    Subject: RE: large scale distributed scan of port tcp 445
    
    
    On Thu, 8 Aug 2002, Rob Keown wrote:
    
    > That is MS-DS as I recall. I don't see anything in my logs but dshield
    > has the port with a huge spike of targets, with low sources on 7/28.
    > http://isc.incidents.org/port_details.html?port=445 It was ranked 4th 
    > on that day.
    >
    > Cannot recall any exploits on this port or service.
    >
    > Anyone know of any exploits on this?
    
    
    I didn't know any, but this might be something to consider, if nothing
    else:
    
    http://www.sygate.com/alerts/XP_default_TCP445_open.htm
    
    
    Cheers,
    
    -tcannon
    
    
    >
    > Rob Keown
    >
    >
    >
    > ----------------------------------------------------------------------------
    > This list is provided by the SecurityFocus ARIS analyzer service.
    > For more information on this free incident handling, management
    > and tracking system please see: http://aris.securityfocus.com
    >
    
    "No brain, no headache"
    
    
    



    This archive was generated by hypermail 2b30 : Fri Aug 09 2002 - 14:04:23 PDT