Security Incidents mailing list archives

Re: Port 445 increase?

From: "Baribault, Gary" <gary () baribault net>
Date: Mon, 03 Jun 2002 20:56:45 -0400

I have been scanned lightly since May 25th for that destination port from anumber of addresses. I have not been hit since Saturday.


Gary  B

At 04:02 PM 6/3/2002 -0500, Mike Hrubes wrote:

Since around noon today (CST), we've really been getting hammered with tcp445. Interestingly, it appears to be a tool or worm doing thescanning. All requests seem to follow the same basic format of ICMP, then445, followed by nbname. The requests are coming from many many differentIPs, but are all directed at a single box on our network.
Just curious if anyone else out there is seeing anything like this?

Thanks!

MH

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.

For more information on this free incident handling, managementand tracking system please see: http://aris.securityfocus.com

Current thread:

Port 445 increase? Mike Hrubes (Jun 03)
- Re: Port 445 increase? Baribault, Gary (Jun 04)
- <Possible follow-ups>
- RE: Port 445 increase? Jim Harrison (SPG) (Jun 04)
- Re: Port 445 increase? Muhammad Faisal Rauf Danka (Jun 04)
  - Re: Port 445 increase? Brian Collins (Jun 04)
- Re: Port 445 increase? Eric Monti (Jun 06)
  - Re: Port 445 increase? Daniel Polombo (Jun 06)