New CIFS (port 445) worm?
From: David Gillett (gillettdavid@fhda.edu)
Date: 12/17/02
From: "David Gillett" <gillettdavid@fhda.edu>
To: <incidents@securityfocus.com>
Date: Tue, 17 Dec 2002 08:30:13 -0800

Overnight, I logged 13 connection attempts from random Internet addresses to my machine. 10 of them were to port 445, which is up significantly from a week ago. I'm also seeing lots of probes of this port at other network points.

Yesterday I also had to disconnect two ports on our network because the machines on those ports were probing random Internet addresses on this port -- fast enough that one of our core routers was choking.

My assumption, at this point, is that those two machines (and a bunch more out on the Internet) have been infected with something. The choice of port 445 suggests Win 2000/XP file shares as the infection vector.

Anybody got more information?

David Gillett
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
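
The behaviour described in the message above (internal machines probing random Internet addresses on port 445 at a high rate) can be flagged from flow records by counting distinct external destinations per source. The following is an added example, not part of the original post; the log format, the 10.0.0.0/8 internal range, the thresholds and all sample records are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")  # assumption: the site's internal address space

def find_445_scanners(lines, window_s=60, min_targets=20):
    """Map each internal source to its peak number of distinct Internet hosts
    sent a SYN on TCP 445 within one window, if that peak reaches min_targets."""
    per_src = defaultdict(list)
    for line in lines:
        # Constructed format: ISO-time src dst dst-port tcp-flags
        ts, src, dst, dport, flags = line.split()
        src_ip, dst_ip = ip_address(src), ip_address(dst)
        if dport == "445" and flags == "S" and src_ip in INTERNAL and dst_ip not in INTERNAL:
            per_src[src].append((datetime.fromisoformat(ts), dst_ip))
    flagged = {}
    for src, events in per_src.items():
        events.sort()
        recent, seen, peak = deque(), Counter(), 0
        for ts, dst_ip in events:
            recent.append((ts, dst_ip))
            seen[dst_ip] += 1
            # Drop probes that have aged out of the sliding window
            while (ts - recent[0][0]).total_seconds() > window_s:
                _, old = recent.popleft()
                seen[old] -= 1
                if not seen[old]:
                    del seen[old]
            peak = max(peak, len(seen))
        if peak >= min_targets:
            flagged[src] = peak
    return flagged

def sample_flows():
    """Constructed records, not data from the post."""
    t0 = datetime(2002, 12, 16, 14, 0, 0)
    rows = []
    for i in range(40):
        step = timedelta(seconds=i)
        # 10.1.2.30: a new Internet address on 445 every 100 ms
        rows.append(f"{(t0 + step / 10).isoformat()} 10.1.2.30 198.51.100.{i + 1} 445 S")
        # 10.1.2.40: repeated sessions to one internal file server
        rows.append(f"{(t0 + step).isoformat()} 10.1.2.40 10.1.9.5 445 S")
        # 10.1.2.50: many Internet hosts, but on port 80
        rows.append(f"{(t0 + step).isoformat()} 10.1.2.50 203.0.113.{i + 1} 80 S")
        # 10.1.2.60: new Internet addresses on 445, one every 10 s
        rows.append(f"{(t0 + step * 10).isoformat()} 10.1.2.60 192.0.2.{i + 1} 445 S")
    return rows

if __name__ == "__main__":
    print(find_445_scanners(sample_flows()))
```

With the default 60-second window only 10.1.2.30 is flagged; widening `window_s` also catches the slower source 10.1.2.60, at the cost of more false positives on busy clients.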