RE: large scale distributed scan of port tcp 445

From: Jim Harrison (SPG) (jmharr@microsoft.com)
Date: 08/09/02


Date: Fri, 9 Aug 2002 10:10:58 -0700
From: "Jim Harrison (SPG)" <jmharr@microsoft.com>
To: "Rob Keown" <Keown@MACDIRECT.COM>, "Russell Fulton" <r.fulton@auckland.ac.nz>, <incidents@securityfocus.com>

Given the recent announcement of Windows API vulnerabilities, a sudden
spike in TCP-445 scans isn't all that surprising.
If you're blocking it, then IMHO, your only real concern is whether or
not it's interfering with your bandwidth...

* Jim Harrison
MCP(NT4/2K), A+, Network+
Services Platform Division

The burden of proof is not satisfied by a lack of evidence to the
contrary..

-----Original Message-----
From: Rob Keown [mailto:Keown@MACDIRECT.COM]
Sent: Thursday, August 08, 2002 4:15 PM
To: 'Russell Fulton'; incidents@securityfocus.com
Subject: RE: large scale distributed scan of port tcp 445

That is MS-DS as I recall. I don't see anything in my logs but dshield
has the port with a huge spike of targets, with low sources on 7/28.
http://isc.incidents.org/port_details.html?port=445 It was ranked 4th on
that day.

Cannot recall any exploits on this port or service.

Anyone know of any exploits on this?

Rob Keown

------------------------------------------------------------------------

----
This list is provided by the SecurityFocus ARIS analyzer service. For
more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com



Relevant Pages

  • RE: large scale distributed scan of port tcp 445
    ... large scale distributed scan of port tcp 445 ... > This list is provided by the SecurityFocus ARIS analyzer service. ... > For more information on this free incident handling, management ... > and tracking system please see: http://aris.securityfocus.com ...
    (Incidents)
  • Fw: Port 1975 rogue service
    ... Pubstro (note the term Pubstro Uptime in the readout) is a term used by the ... What you have is an FTP server running on a non standard port ... This list is provided by the SecurityFocus ARIS analyzer service. ... and tracking system please see: http://aris.securityfocus.com ...
    (Incidents)
  • RE: large scale distributed scan of port tcp 445
    ... I can confirm that this port is open on a default installation of .NET ... > This list is provided by the SecurityFocus ARIS analyzer service. ... > For more information on this free incident handling, management ... > and tracking system please see: http://aris.securityfocus.com ...
    (Incidents)
  • RE: large scale distributed scan of port tcp 445
    ... On Thu, 8 Aug 2002, Rob Keown wrote: ... > the port with a huge spike of targets, ... > This list is provided by the SecurityFocus ARIS analyzer service. ... > and tracking system please see: http://aris.securityfocus.com ...
    (Incidents)
  • RE: large scale distributed scan of port tcp 445
    ... Windows 2000 Port Invites Intruders ... >> This list is provided by the SecurityFocus ARIS analyzer service. ... >> For more information on this free incident handling, management ...
    (Incidents)