Security Incidents mailing list archives
New CIFS (port 445) worm?
From: "David Gillett" <gillettdavid () fhda edu>
Date: Tue, 17 Dec 2002 08:30:13 -0800
Overnight, I logged 13 connection attempts from random Internet addresses to my machine. 10 of them were to port 445, which is up significantly from a week ago. I'm also seeing lots of probes of this port at other network points. Yesterday I also had to disconnect two ports on our network because the machines on those ports were probing random Internet addresses on this port -- fast enough that one of our core routers was choking. My assumption, at this point, is that those two machines (and a bunch more out on the Internet) have been infected with something. The choice of port 445 suggests Win 2000/XP file shares as the infection vector. Anybody got more information? David Gillett ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Rooted, .haos on system Damian Gerow (Dec 15)
- Re: Rooted, .haos on system Damian Gerow (Dec 16)
- Re: Rooted, .haos on system Damian Gerow (Dec 16)
- Re: Rooted, .haos on system Mike Katz (Dec 16)
- Re: Rooted, .haos on system zeno (Dec 16)
- Re: Rooted, .haos on system Carlos Eduardo Pedroza Santiviago (Dec 16)
- Re: Rooted, .haos on system Damian Gerow (Dec 16)
- Message not available
- Re: Rooted, .haos on system Julian Young (Dec 17)
- New CIFS (port 445) worm? David Gillett (Dec 17)
- Re: New CIFS (port 445) worm? Zen (Dec 17)
- Re: Rooted, .haos on system Damian Gerow (Dec 16)
- Re: Rooted, .haos on system Damian Gerow (Dec 16)
- Re: Rooted, .haos on system zeno (Dec 16)