RE: Numerous TCP port 445 scans on 3/2/03

["Patrick Webster" <webster_p () DeMorgan com au>]

| While going through my logs I came across a series of 
| 
| scans on TCP port 445 that took place on 3/2 between 
| 
| 14:54 and 15:23 EST (GMT-5), from 42 different IP 
| 
| addresses.

It could always be a nmap scan using decoys, however other suggestions
are more likely.

-Patrick

----------------------------------------------------

This correspondence is for the named person's use only.  It may contain confidential or legally privileged information 
or both.
No confidentiality or privilege is waived or lost by any mistransmission.  If you receive this correspondence in error, 
please immediately delete it from your system and notify the sender.  You must not disclose, copy or rely on any part 
of this correspondence if you are not the intended recipient.

Any views expressed in this message are those of the individual sender, except where the sender expressly, and with 
authority, states them to be the views of DeMorgan.
This e-mail has been checked for known Viruses. It is the responsibility of the receiver to check their system for 
infected files and any such file is deemed not to be the responsibility of DeMorgan.

---------------------------------------------------------

----------------------------------------------------------------------------

<Pre>Lose another weekend managing your IDS?
Take back your personal time.
15-day free trial of StillSecure Border Guard.</Pre>
<A href="http://www.securityfocus.com/stillsecure";> http://www.securityfocus.com/stillsecure </A>