RE: Increase in Source to Port 445

From: James C Slora Jr (Jim.Sloraat_private)
Date: Thu Apr 03 2003 - 07:07:01 PST

Next message: Amarante, Rodrigo P.: "RE: Logon.dll? Possible root-kit?"

Previous message: nobody: "Re: [0.5OT answer]possible rootkit, maybe partial?"
In reply to: Rob Keown: "Increase in Source to Port 445"
Next in thread: aladin168: "Re: Increase in Source to Port 445"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Rob Keown wrote Tuesday, April 01, 2003 21:55

> We are observing an increase in port 445 traffic from a much wider group of
> sources than what we have seen over the last few weeks.

> Anyone else observing this?

Oh, yes. There's a lot going on, but it looks like several different causes. I
see lots of standalone 445 probes, and many combinations with other ports and
translate: f WebDAV probes. There also are a lot of 139 445 135 combos.

But overall, sources have gone from 1-2 sources per target per day to 10
sources or more per target per day.


----------------------------------------------------------------------------
Powerful Anti-Spam Management and More...
SurfControl E-mail Filter puts the brakes on spam,
viruses and malicious code. Safeguard your business
critical communications. Download a free 30-day trial:
http://www.securityfocus.com/SurfControl-incidents

Next message: Amarante, Rodrigo P.: "RE: Logon.dll? Possible root-kit?"
Previous message: nobody: "Re: [0.5OT answer]possible rootkit, maybe partial?"
In reply to: Rob Keown: "Increase in Source to Port 445"
Next in thread: aladin168: "Re: Increase in Source to Port 445"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Apr 03 2003 - 16:41:41 PST