Security Incidents mailing list archives

RE: Port 445 increase?

From: "Jim Harrison (SPG)" <jmharr () microsoft com>
Date: Mon, 3 Jun 2002 22:32:30 -0700

Yes; my ISA servers have logged these scans and continued on their merry way.
I have to be careful; having ISA servers between me and them can make me awfully lazy in my log scan habits...  ;-)
 
Jim

        -----Original Message----- 
        From: Mike Hrubes [mailto:MHrubes () wizmo com] 
        Sent: Mon 6/3/2002 14:02 
        To: incidents () securityfocus com 
        Cc: 
        Subject: Port 445 increase?
        
        

        Since around noon today (CST), we've really been getting hammered with tcp 445.  Interestingly, it appears to 
be a tool or worm doing the scanning.  All requests seem to follow the same basic format of ICMP, then 445, followed by 
nbname.  The requests are coming from many many different IPs, but are all directed at a single box on our network.
        
        Just curious if anyone else out there is seeing anything like this?
        
        Thanks!
        
        MH
        
        ----------------------------------------------------------------------------
        This list is provided by the SecurityFocus ARIS analyzer service.
        For more information on this free incident handling, management
        and tracking system please see: http://aris.securityfocus.com

Current thread:

Port 445 increase? Mike Hrubes (Jun 03)
- Re: Port 445 increase? Baribault, Gary (Jun 04)
- <Possible follow-ups>
- RE: Port 445 increase? Jim Harrison (SPG) (Jun 04)
- Re: Port 445 increase? Muhammad Faisal Rauf Danka (Jun 04)
  - Re: Port 445 increase? Brian Collins (Jun 04)
- Re: Port 445 increase? Eric Monti (Jun 06)
  - Re: Port 445 increase? Daniel Polombo (Jun 06)