RE: Increase in Source to Port 445

From: James C Slora Jr (Jim.Slora@phra.com)
Date: 04/03/03

  • Next message: Amarante, Rodrigo P.: "RE: Logon.dll? Possible root-kit?"
    From: "James C Slora Jr" <Jim.Slora@phra.com>
    To: "'Rob Keown'" <Keown@MACDIRECT.COM>, <incidents@securityfocus.com>
    Date: Thu, 3 Apr 2003 10:07:01 -0500
    
    

    Rob Keown wrote Tuesday, April 01, 2003 21:55

    > We are observing an increase in port 445 traffic from a much wider group of
    > sources than what we have seen over the last few weeks.

    > Anyone else observing this?

    Oh, yes. There's a lot going on, but it looks like several different causes. I
    see lots of standalone 445 probes, and many combinations with other ports and
    translate: f WebDAV probes. There also are a lot of 139 445 135 combos.

    But overall, sources have gone from 1-2 sources per target per day to 10
    sources or more per target per day.

    ----------------------------------------------------------------------------
    Powerful Anti-Spam Management and More...
    SurfControl E-mail Filter puts the brakes on spam,
    viruses and malicious code. Safeguard your business
    critical communications. Download a free 30-day trial:
    http://www.securityfocus.com/SurfControl-incidents


  • Next message: Amarante, Rodrigo P.: "RE: Logon.dll? Possible root-kit?"