Security Incidents mailing list archives

RE: large scale distributed scan of port tcp 445


From: "Jim Harrison (SPG)" <jmharr () microsoft com>
Date: Fri, 9 Aug 2002 11:49:36 -0700

Any W2K or later OS from Microsoft (except maybe .NET server) installs
with that port open.
It's not specific to XP.  It was added to W2K as a NetBIOS -135/139
replacement.

* Jim Harrison 
MCP(NT4/2K), A+, Network+
Services Platform Division

The burden of proof is not satisfied by a lack of evidence to the
contrary..



-----Original Message-----
From: Thomas Cannon [mailto:tcannon () noops org] 
Sent: Friday, August 09, 2002 9:54 AM
To: Rob Keown
Cc: 'Russell Fulton'; incidents () securityfocus com
Subject: RE: large scale distributed scan of port tcp 445


On Thu, 8 Aug 2002, Rob Keown wrote:

That is MS-DS as I recall. I don't see anything in my logs but dshield
has the port with a huge spike of targets, with low sources on 7/28. 
http://isc.incidents.org/port_details.html?port=445 It was ranked 4th 
on that day.

Cannot recall any exploits on this port or service.

Anyone know of any exploits on this?


I didn't know any, but this might be something to consider, if nothing
else:

http://www.sygate.com/alerts/XP_default_TCP445_open.htm


Cheers,

-tcannon



Rob Keown



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com


"No brain, no headache"

