Security Incidents mailing list archives
RE: large scale distributed scan of port tcp 445
From: Brian McWilliams <brian () pc-radio com>
Date: Fri, 09 Aug 2002 15:46:23 -0400
I've kind of been waiting for a spike in 445 scans for the past 12 months ... :)
Windows 2000 Port Invites Intruders 26 Aug 2001, 6:14 PM CST http://www.pc-radio.com/Windows%202000%20Port%20Invites%20Intruders.htmExploiting a hole in Windows 2000, a hacker says he penetrated Microsoft's corporate network earlier this month and had full access to hundreds of the company's computers.
Brian At 02:49 PM 8/9/2002, Jim Harrison (SPG) wrote:
Any W2K or later OS from Microsoft (except maybe .NET server) installs with that port open. It's not specific to XP. It was added to W2K as a NetBIOS -135/139 replacement. * Jim Harrison MCP(NT4/2K), A+, Network+ Services Platform Division The burden of proof is not satisfied by a lack of evidence to the contrary.. -----Original Message----- From: Thomas Cannon [mailto:tcannon () noops org] Sent: Friday, August 09, 2002 9:54 AM To: Rob Keown Cc: 'Russell Fulton'; incidents () securityfocus com Subject: RE: large scale distributed scan of port tcp 445 On Thu, 8 Aug 2002, Rob Keown wrote: > That is MS-DS as I recall. I don't see anything in my logs but dshield > has the port with a huge spike of targets, with low sources on 7/28. > http://isc.incidents.org/port_details.html?port=445 It was ranked 4th > on that day. > > Cannot recall any exploits on this port or service. > > Anyone know of any exploits on this? I didn't know any, but this might be something to consider, if nothing else: http://www.sygate.com/alerts/XP_default_TCP445_open.htm Cheers, -tcannon > > Rob Keown > > > > ---------------------------------------------------------------------- > ------ > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com > "No brain, no headache" ------------------------------------------------------------------------ ---- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service.For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- large scale distributed scan of port tcp 445 Russell Fulton (Aug 08)
- <Possible follow-ups>
- Re: large scale distributed scan of port tcp 445 Muhammad Faisal Rauf Danka (Aug 09)
- Re: [unisog] Re: large scale distributed scan of port tcp 445 Russell Fulton (Aug 09)
- RE: large scale distributed scan of port tcp 445 Rob Keown (Aug 09)
- RE: large scale distributed scan of port tcp 445 Thomas Cannon (Aug 09)
- RE: large scale distributed scan of port tcp 445 Jim Harrison (SPG) (Aug 09)
- RE: large scale distributed scan of port tcp 445 H C (Aug 09)
- RE: large scale distributed scan of port tcp 445 Jim Harrison (SPG) (Aug 09)
- RE: large scale distributed scan of port tcp 445 Rick Darsey (Aug 09)
- RE: large scale distributed scan of port tcp 445 Brian McWilliams (Aug 09)
- Re: large scale distributed scan of port tcp 445 Gary Flynn (Aug 09)
- Re: large scale distributed scan of port tcp 445 Deus, Attonbitus (Aug 12)
- Re: large scale distributed scan of port tcp 445 Gary Flynn (Aug 09)
- RE: large scale distributed scan of port tcp 445 Beau Monday (Aug 09)