Security Incidents mailing list archives
Re: large scale distributed scan of port tcp 445
From: Gary Flynn <flynngn () jmu edu>
Date: Fri, 09 Aug 2002 16:56:01 -0400
Brian McWilliams wrote:
http://www.pc-radio.com/Windows%202000%20Port%20Invites%20Intruders.htm Exploiting a hole in Windows 2000, a hacker says he penetrated Microsoft's corporate network earlier this month and had full access to hundreds of the company's computers.
Interesting story. Seems there are a lot of 2k/XP systems out there without adequate Administrator passwords. No administrator password means instant access to the C$ share...i.e. entire hard drive including startup folders. Even a weak password makes the system vulnerable as the Administrator isn't locked on unsuccessful password guesses as shipped. A lesson for those networks that block netbios by blocking port 139. 445 needs to be blocked too. Another risk mitigation step is to use the Local or Group Security Policy to deny network access to the Administrator account. -- Gary Flynn Security Engineer - Technical Services James Madison University Please R.U.N.S.A.F.E. http://www.jmu.edu/computing/runsafe ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- large scale distributed scan of port tcp 445 Russell Fulton (Aug 08)
- <Possible follow-ups>
- Re: large scale distributed scan of port tcp 445 Muhammad Faisal Rauf Danka (Aug 09)
- Re: [unisog] Re: large scale distributed scan of port tcp 445 Russell Fulton (Aug 09)
- RE: large scale distributed scan of port tcp 445 Rob Keown (Aug 09)
- RE: large scale distributed scan of port tcp 445 Thomas Cannon (Aug 09)
- RE: large scale distributed scan of port tcp 445 Jim Harrison (SPG) (Aug 09)
- RE: large scale distributed scan of port tcp 445 H C (Aug 09)
- RE: large scale distributed scan of port tcp 445 Jim Harrison (SPG) (Aug 09)
- RE: large scale distributed scan of port tcp 445 Rick Darsey (Aug 09)
- RE: large scale distributed scan of port tcp 445 Brian McWilliams (Aug 09)
- Re: large scale distributed scan of port tcp 445 Gary Flynn (Aug 09)
- Re: large scale distributed scan of port tcp 445 Deus, Attonbitus (Aug 12)
- Re: large scale distributed scan of port tcp 445 Gary Flynn (Aug 09)
- RE: large scale distributed scan of port tcp 445 Beau Monday (Aug 09)