RE: large scale distributed scan of port tcp 445
From: Jim Harrison (SPG) (jmharr@microsoft.com)Date: 08/09/02
- Previous message: Thomas Cannon: "RE: large scale distributed scan of port tcp 445"
- Maybe in reply to: Russell Fulton: "large scale distributed scan of port tcp 445"
- Next in thread: H C: "RE: large scale distributed scan of port tcp 445"
- Next in thread: Jim Harrison (SPG): "RE: large scale distributed scan of port tcp 445"
- Reply: H C: "RE: large scale distributed scan of port tcp 445"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 9 Aug 2002 10:10:58 -0700 From: "Jim Harrison (SPG)" <jmharr@microsoft.com> To: "Rob Keown" <Keown@MACDIRECT.COM>, "Russell Fulton" <r.fulton@auckland.ac.nz>, <incidents@securityfocus.com>
Given the recent announcement of Windows API vulnerabilities, a sudden
spike in TCP-445 scans isn't all that surprising.
If you're blocking it, then IMHO, your only real concern is whether or
not it's interfering with your bandwidth...
* Jim Harrison
MCP(NT4/2K), A+, Network+
Services Platform Division
The burden of proof is not satisfied by a lack of evidence to the
contrary..
-----Original Message-----
From: Rob Keown [mailto:Keown@MACDIRECT.COM]
Sent: Thursday, August 08, 2002 4:15 PM
To: 'Russell Fulton'; incidents@securityfocus.com
Subject: RE: large scale distributed scan of port tcp 445
That is MS-DS as I recall. I don't see anything in my logs but dshield
has the port with a huge spike of targets, with low sources on 7/28.
http://isc.incidents.org/port_details.html?port=445 It was ranked 4th on
that day.
Cannot recall any exploits on this port or service.
Anyone know of any exploits on this?
Rob Keown
------------------------------------------------------------------------
---- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
- Previous message: Thomas Cannon: "RE: large scale distributed scan of port tcp 445"
- Maybe in reply to: Russell Fulton: "large scale distributed scan of port tcp 445"
- Next in thread: H C: "RE: large scale distributed scan of port tcp 445"
- Next in thread: Jim Harrison (SPG): "RE: large scale distributed scan of port tcp 445"
- Reply: H C: "RE: large scale distributed scan of port tcp 445"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
