Educause Security Discussion mailing list archives

REN-ISAC: Large TCP/445 traffic increase on Abilene


From: Dave Monnier REN-ISAC <dmonnier () IU EDU>
Date: Sat, 12 Aug 2006 22:08:27 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

We've observed a large spike in TCP/445 traffic[1] on the Abilene
network. At this time a single cause cannot be determined.

The ISC has reported[2] a bot leveraging the exploit for MS06-040 that
we've also confirmed.  At this time though we're not able to identify
this as the sole reason for the spike in traffic.

On behalf of the REN-ISAC Team,
- -Dave

1. http://www.ren-isac.net/monitoring/port-costa.cgi?tcp_dst_445_packets
2. http://isc.sans.org/diary.php?storyid=1592

- --

|              Dave Monnier - dmonnier () ren-isac net              |
|             http://nicholas.ren-isac.net/dmonnier/             |
| Principal Security Engineer, REN-ISAC http://www.ren-isac.net/ |
|     24x7 Watch Desk: +1(317)278-6630, ren-isac () ren-isac net    |

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFE3ombBIf6jlONJjIRAoTzAKDn+jMRimhpZHE/AWHwyac4Hu8tdACcCodH
FCz+nN6mn6dOxSczJD+3dwk=
=Uf+G
-----END PGP SIGNATURE-----
