Security Incidents mailing list archives
RE: large scale distributed scan of port tcp 445
From: Beau Monday <bmonday () scc mobilephone net>
Date: Fri, 9 Aug 2002 12:47:02 -0700
I can confirm that this port is open on a default installation of .NET Standard Server. Regards Beau Monday, MCSE CCNA GSEC AT&T Wireless Services -----Original Message----- From: Jim Harrison (SPG) [mailto:jmharr () microsoft com] Sent: Friday, August 09, 2002 11:50 AM To: Thomas Cannon; Rob Keown Cc: Russell Fulton; incidents () securityfocus com Subject: RE: large scale distributed scan of port tcp 445 Any W2K or later OS from Microsoft (except maybe .NET server) installs with that port open. It's not specific to XP. It was added to W2K as a NetBIOS -135/139 replacement. * Jim Harrison MCP(NT4/2K), A+, Network+ Services Platform Division The burden of proof is not satisfied by a lack of evidence to the contrary.. -----Original Message----- From: Thomas Cannon [mailto:tcannon () noops org] Sent: Friday, August 09, 2002 9:54 AM To: Rob Keown Cc: 'Russell Fulton'; incidents () securityfocus com Subject: RE: large scale distributed scan of port tcp 445 On Thu, 8 Aug 2002, Rob Keown wrote:
That is MS-DS as I recall. I don't see anything in my logs but dshield
has the port with a huge spike of targets, with low sources on 7/28. http://isc.incidents.org/port_details.html?port=445 It was ranked 4th on that day. Cannot recall any exploits on this port or service. Anyone know of any exploits on this?
I didn't know any, but this might be something to consider, if nothing else: http://www.sygate.com/alerts/XP_default_TCP445_open.htm Cheers, -tcannon
Rob Keown ---------------------------------------------------------------------- ------ This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
"No brain, no headache" ------------------------------------------------------------------------ ---- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Re: [unisog] Re: large scale distributed scan of port tcp 445, (continued)
- Re: [unisog] Re: large scale distributed scan of port tcp 445 Russell Fulton (Aug 09)
- RE: large scale distributed scan of port tcp 445 Rob Keown (Aug 09)
- RE: large scale distributed scan of port tcp 445 Thomas Cannon (Aug 09)
- RE: large scale distributed scan of port tcp 445 Jim Harrison (SPG) (Aug 09)
- RE: large scale distributed scan of port tcp 445 H C (Aug 09)
- RE: large scale distributed scan of port tcp 445 Jim Harrison (SPG) (Aug 09)
- RE: large scale distributed scan of port tcp 445 Rick Darsey (Aug 09)
- RE: large scale distributed scan of port tcp 445 Brian McWilliams (Aug 09)
- Re: large scale distributed scan of port tcp 445 Gary Flynn (Aug 09)
- Re: large scale distributed scan of port tcp 445 Deus, Attonbitus (Aug 12)
- Re: large scale distributed scan of port tcp 445 Gary Flynn (Aug 09)
- RE: large scale distributed scan of port tcp 445 Beau Monday (Aug 09)