Security Incidents mailing list archives
RE: large scale distributed scan of port tcp 445
From: H C <keydet89 () yahoo com>
Date: Fri, 9 Aug 2002 13:20:25 -0700 (PDT)
Jim, I don't see the logic in your statement. The Win32 API vulnerabilities pertain to GDI...are you implying that the port 445 scans are intending to log into Win2K via Direct Host, and then perhaps inject some code that exploits the GDI issue? --- "Jim Harrison (SPG)" <jmharr () microsoft com> wrote:
Given the recent announcement of Windows API vulnerabilities, a sudden spike in TCP-445 scans isn't all that surprising. If you're blocking it, then IMHO, your only real concern is whether or not it's interfering with your bandwidth... * Jim Harrison MCP(NT4/2K), A+, Network+ Services Platform Division The burden of proof is not satisfied by a lack of evidence to the contrary.. -----Original Message----- From: Rob Keown [mailto:Keown () MACDIRECT COM] Sent: Thursday, August 08, 2002 4:15 PM To: 'Russell Fulton'; incidents () securityfocus com Subject: RE: large scale distributed scan of port tcp 445 That is MS-DS as I recall. I don't see anything in my logs but dshield has the port with a huge spike of targets, with low sources on 7/28. http://isc.incidents.org/port_details.html?port=445 It was ranked 4th on that day. Cannot recall any exploits on this port or service. Anyone know of any exploits on this? Rob Keown
------------------------------------------------------------------------
---- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
__________________________________________________ Do You Yahoo!? HotJobs - Search Thousands of New Jobs http://www.hotjobs.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- large scale distributed scan of port tcp 445 Russell Fulton (Aug 08)
- <Possible follow-ups>
- Re: large scale distributed scan of port tcp 445 Muhammad Faisal Rauf Danka (Aug 09)
- Re: [unisog] Re: large scale distributed scan of port tcp 445 Russell Fulton (Aug 09)
- RE: large scale distributed scan of port tcp 445 Rob Keown (Aug 09)
- RE: large scale distributed scan of port tcp 445 Thomas Cannon (Aug 09)
- RE: large scale distributed scan of port tcp 445 Jim Harrison (SPG) (Aug 09)
- RE: large scale distributed scan of port tcp 445 H C (Aug 09)
- RE: large scale distributed scan of port tcp 445 Jim Harrison (SPG) (Aug 09)
- RE: large scale distributed scan of port tcp 445 Rick Darsey (Aug 09)
- RE: large scale distributed scan of port tcp 445 Brian McWilliams (Aug 09)
- Re: large scale distributed scan of port tcp 445 Gary Flynn (Aug 09)
- Re: large scale distributed scan of port tcp 445 Deus, Attonbitus (Aug 12)
- Re: large scale distributed scan of port tcp 445 Gary Flynn (Aug 09)
- RE: large scale distributed scan of port tcp 445 Beau Monday (Aug 09)