Re: Worm activity
From: Andrés Montañez (andresmontanez.lists_at_gmail.com)
Date: Mon, 13 Jun 2005 22:34:17 -0300 To: Security Basics <firstname.lastname@example.org>
The port 445 is for the SMB suite (SaMBa or ActiveDirectory).
Port 135 is "DCOM Service Control Manager".
So the worm would be located in Windows workstations.
You should start getting a list of recent worms with those targets.
If you have WinClients... scann them.
-- Andrés G. Montañez Network Administrator Montevideo - Uruguay