Educause Security Discussion mailing list archives
REN-ISAC: Large TCP/445 traffic increase on Abilene
From: Dave Monnier REN-ISAC <dmonnier () IU EDU>
Date: Sat, 12 Aug 2006 22:08:27 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 We've observed a large spike in TCP/445 traffic[1] on the Abilene network. At this time a single cause cannot be determined. The ISC has reported[2] a bot leveraging the exploit for MS06-040 that we've also confirmed. At this time though we're not able to identify this as the sole reason for the spike in traffic. On behalf of the REN-ISAC Team, - -Dave 1. http://www.ren-isac.net/monitoring/port-costa.cgi?tcp_dst_445_packets 2. http://isc.sans.org/diary.php?storyid=1592 - -- | Dave Monnier - dmonnier () ren-isac net | | http://nicholas.ren-isac.net/dmonnier/ | | Principal Security Engineer, REN-ISAC http://www.ren-isac.net/ | | 24x7 Watch Desk: +1(317)278-6630, ren-isac () ren-isac net | -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) iD8DBQFE3ombBIf6jlONJjIRAoTzAKDn+jMRimhpZHE/AWHwyac4Hu8tdACcCodH FCz+nN6mn6dOxSczJD+3dwk= =Uf+G -----END PGP SIGNATURE-----
Current thread:
- REN-ISAC: Large TCP/445 traffic increase on Abilene Dave Monnier REN-ISAC (Aug 12)