increase in smb scans
From: Nathan W. Labadie (ab0781@wayne.edu)
Date: 03/08/02
Date: Fri, 8 Mar 2002 09:06:37 -0500
From: "Nathan W. Labadie" <ab0781@wayne.edu>
To: incidents@securityfocus.com

Has anyone else noticed a _huge_ increase in SMB scans? I'm seeing sweeps
of various subnets 5-10 times a day. This started around two weeks ago...
they appear to be looking for open \\<netbios-name>\C shares. My guess is
that they're looking for machines previously infected with Nimda, but I
could be wrong. It shows up as "NETBIOS SMB C access" under snort, and
"Tree Connect AndX Request" when the tcpdump is viewed with ethereal.

-- 
Nathan W. Labadie | ab0781@wayne.edu
Sr. Security Specialist | 313/577.2126
Wayne State University | 313/577.1338 fax
C&IT Information Security Office: http://security.wayne.edu
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
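
One way to turn the Snort alerts described in the message above into a per-source count of sweeps per day, as an added example that is not part of the original post. The alert lines are constructed, the `[1:0:0]` rule id is a placeholder, and the function name, the 10-minute gap and the three-target threshold are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed alerts in Snort's one-line "fast" layout; the [1:0:0] rule id is
# a placeholder and every address is from a documentation range.
SAMPLE_ALERTS = """\
03/08-02:14:05.118201  [**] [1:0:0] NETBIOS SMB C access [**] [Priority: 3] {TCP} 198.51.100.7:3021 -> 192.0.2.10:139
03/08-02:14:05.640912  [**] [1:0:0] NETBIOS SMB C access [**] [Priority: 3] {TCP} 198.51.100.7:3022 -> 192.0.2.11:139
03/08-02:14:06.201377  [**] [1:0:0] NETBIOS SMB C access [**] [Priority: 3] {TCP} 198.51.100.7:3023 -> 192.0.2.12:139
03/08-09:06:37.000412  [**] [1:0:0] NETBIOS SMB C access [**] [Priority: 3] {TCP} 198.51.100.7:4100 -> 192.0.2.10:139
03/08-09:06:37.512008  [**] [1:0:0] NETBIOS SMB C access [**] [Priority: 3] {TCP} 198.51.100.7:4101 -> 192.0.2.11:139
03/08-09:06:38.030551  [**] [1:0:0] NETBIOS SMB C access [**] [Priority: 3] {TCP} 198.51.100.7:4102 -> 192.0.2.13:139
03/08-11:30:00.000001  [**] [1:0:0] NETBIOS SMB C access [**] [Priority: 3] {TCP} 192.0.2.50:1044 -> 192.0.2.10:139
03/08-11:31:10.000001  [**] [1:0:0] ICMP PING [**] [Priority: 3] {ICMP} 203.0.113.9 -> 192.0.2.10
"""

ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d)\.\d+\s+\[\*\*\]\s+\[[\d:]+\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{TCP\}\s+(?P<src>[\d.]+):\d+\s+->\s+(?P<dst>[\d.]+):\d+"
)

def smb_sweeps(text, year=2002, gap=timedelta(minutes=10), min_targets=3):
    """Return {source: [(sweep_start, distinct_targets), ...]} for C-share alerts."""
    hits = defaultdict(list)
    for line in text.splitlines():
        m = ALERT_RE.match(line)
        if m and m["msg"].startswith("NETBIOS SMB C"):
            # Fast alerts carry no year, so the caller supplies one.
            ts = datetime.strptime(f"{year}/{m['ts']}", "%Y/%m/%d-%H:%M:%S")
            hits[m["src"]].append((ts, m["dst"]))
    report = {}
    for src, events in hits.items():
        events.sort()
        bursts, current = [], [events[0]]
        for ev in events[1:]:
            if ev[0] - current[-1][0] > gap:   # quiet period ends one sweep
                bursts.append(current)
                current = []
            current.append(ev)
        bursts.append(current)
        sized = [(b[0][0], len({dst for _, dst in b})) for b in bursts]
        sweeps = [s for s in sized if s[1] >= min_targets]  # drop single-host access
        if sweeps:
            report[src] = sweeps
    return report

if __name__ == "__main__":
    for src, sweeps in smb_sweeps(SAMPLE_ALERTS).items():
        print(src, [(start.isoformat(), n) for start, n in sweeps])
```

The single alert from 192.0.2.50 is left out because one host touching one share is ordinary file-sharing traffic rather than a sweep.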