Bugtraq mailing list archives
Elevated scanning: TCP port 135 (RPC) AND 445 (Domain Services)
From: Nicholas Weaver <nweaver () CS berkeley edu>
Date: Tue, 27 Jan 2004 10:19:00 -0800
At several locations we have seen a significant elevation in scanning on TCP ports 135 AND 445. The scannig machines are scanning both ports, and seem to be doing a semirepeated scan (sometimes attempting multiple tries at the same destination). This looks somewhat like a worm scan or widely distributed scan which is targeting the windows RPC port and is also looking for domain controllers (to attack? To find other targets? To authenticate with other possible targets?) Does anyone have more information on this? Especially anybody with a windows honeypot? -- Nicholas C. Weaver nweaver () cs berkeley edu
Current thread:
- Elevated scanning: TCP port 135 (RPC) AND 445 (Domain Services) Nicholas Weaver (Jan 27)