Port 445 increase?
From: Mike Hrubes (MHrubes@wizmo.com)Date: 06/03/02
- Previous message: Jon Nelson: "Re: scanning from WANADOO-CABLE-BD"
- Next in thread: Baribault, Gary: "Re: Port 445 increase?"
- Reply: Baribault, Gary: "Re: Port 445 increase?"
- Reply: Jim Harrison (SPG): "RE: Port 445 increase?"
- Reply: Muhammad Faisal Rauf Danka: "Re: Port 445 increase?"
- Reply: Eric Monti: "Re: Port 445 increase?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 3 Jun 2002 16:02:20 -0500 From: "Mike Hrubes" <MHrubes@wizmo.com> To: <incidents@securityfocus.com>
Since around noon today (CST), we've really been getting hammered with tcp 445. Interestingly, it appears to be a tool or worm doing the scanning. All requests seem to follow the same basic format of ICMP, then 445, followed by nbname. The requests are coming from many many different IPs, but are all directed at a single box on our network.
Just curious if anyone else out there is seeing anything like this?
Thanks!
MH
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
- Previous message: Jon Nelson: "Re: scanning from WANADOO-CABLE-BD"
- Next in thread: Baribault, Gary: "Re: Port 445 increase?"
- Reply: Baribault, Gary: "Re: Port 445 increase?"
- Reply: Jim Harrison (SPG): "RE: Port 445 increase?"
- Reply: Muhammad Faisal Rauf Danka: "Re: Port 445 increase?"
- Reply: Eric Monti: "Re: Port 445 increase?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
