Security Incidents mailing list archives

RE: large scale distributed scan of port tcp 445

From: Brian McWilliams <brian () pc-radio com>
Date: Fri, 09 Aug 2002 15:46:23 -0400

I've kind of been waiting for a spike in 445 scans for the past 12 months... :)


Windows 2000 Port Invites Intruders
26 Aug 2001, 6:14 PM CST

http://www.pc-radio.com/Windows%202000%20Port%20Invites%20Intruders.htm

Exploiting a hole in Windows 2000, a hacker says he penetrated Microsoft'scorporate network earlier this month and had full access to hundreds of thecompany's computers.




Brian


At 02:49 PM 8/9/2002, Jim Harrison (SPG) wrote:

Any W2K or later OS from Microsoft (except maybe .NET server) installs
with that port open.
It's not specific to XP.  It was added to W2K as a NetBIOS -135/139
replacement.

* Jim Harrison
MCP(NT4/2K), A+, Network+
Services Platform Division

The burden of proof is not satisfied by a lack of evidence to the
contrary..



-----Original Message-----
From: Thomas Cannon [mailto:tcannon () noops org]
Sent: Friday, August 09, 2002 9:54 AM
To: Rob Keown
Cc: 'Russell Fulton'; incidents () securityfocus com
Subject: RE: large scale distributed scan of port tcp 445


On Thu, 8 Aug 2002, Rob Keown wrote:

> That is MS-DS as I recall. I don't see anything in my logs but dshield

> has the port with a huge spike of targets, with low sources on 7/28.
> http://isc.incidents.org/port_details.html?port=445 It was ranked 4th
> on that day.
>
> Cannot recall any exploits on this port or service.
>
> Anyone know of any exploits on this?


I didn't know any, but this might be something to consider, if nothing
else:

http://www.sygate.com/alerts/XP_default_TCP445_open.htm


Cheers,

-tcannon


>
> Rob Keown
>
>
>
> ----------------------------------------------------------------------
> ------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com
>

"No brain, no headache"


------------------------------------------------------------------------
----
This list is provided by the SecurityFocus ARIS analyzer service. For
more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.

For more information on this free incident handling, managementand tracking system please see: http://aris.securityfocus.com

Current thread:

large scale distributed scan of port tcp 445 Russell Fulton (Aug 08)
- <Possible follow-ups>
- Re: large scale distributed scan of port tcp 445 Muhammad Faisal Rauf Danka (Aug 09)
  - Re: [unisog] Re: large scale distributed scan of port tcp 445 Russell Fulton (Aug 09)
- RE: large scale distributed scan of port tcp 445 Rob Keown (Aug 09)
  - RE: large scale distributed scan of port tcp 445 Thomas Cannon (Aug 09)
- RE: large scale distributed scan of port tcp 445 Jim Harrison (SPG) (Aug 09)
  - RE: large scale distributed scan of port tcp 445 H C (Aug 09)
- RE: large scale distributed scan of port tcp 445 Jim Harrison (SPG) (Aug 09)
  - RE: large scale distributed scan of port tcp 445 Rick Darsey (Aug 09)
- RE: large scale distributed scan of port tcp 445 Brian McWilliams (Aug 09)
  - Re: large scale distributed scan of port tcp 445 Gary Flynn (Aug 09)
    - Re: large scale distributed scan of port tcp 445 Deus, Attonbitus (Aug 12)
- RE: large scale distributed scan of port tcp 445 Beau Monday (Aug 09)