Re: large scale distributed scan of port tcp 445

From: Gary Flynn (flynngnat_private)
Date: Fri Aug 09 2002 - 13:56:01 PDT

  • Next message: Deus, Attonbitus: "Re: large scale distributed scan of port tcp 445"

    Brian McWilliams wrote:
    > Exploiting a hole in Windows 2000, a hacker says he penetrated Microsoft's
    > corporate network earlier this month and had full access to hundreds of the
    > company's computers.
    Interesting story. Seems there are a lot of 2k/XP systems out there
    without adequate Administrator passwords. No administrator password
    means instant access to the C$ share...i.e. entire hard drive including
    startup folders. Even a weak password makes the system vulnerable
    as the Administrator isn't locked on unsuccessful password guesses
    as shipped.
    A lesson for those networks that block netbios by blocking port 139. 445
    needs to be blocked too.
    Another risk mitigation step is to use the Local or Group Security 
    Policy to deny network access to the Administrator account.
    Gary Flynn
    Security Engineer - Technical Services
    James Madison University
    Please R.U.N.S.A.F.E.
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see:

    This archive was generated by hypermail 2b30 : Fri Aug 09 2002 - 14:43:11 PDT