Security Incidents mailing list archives
increase in smb scans
From: Lee Ayres <ayres () i-dep com>
Date: Fri, 8 Mar 2002 17:13:05 -0600
SANS Newsbites SANS NewsBites Vol. 4 Num. 10 opens with the following paragraph. "Hackers are currently scanning the entire Internet looking for Windows systems with unprotected shares. They have found thousands or perhaps tens of thousands of vulnerable systems and installed remote-control bots on those systems. If you have not checked your systems and your family's systems for open shares, now would be a very good time to find them and protect them." I can confirm that I have seen what looks like a steep increase in these scans as well. Nathan W. Labadie writes:
Has anyone else noticed a _huge_ increase in SMB scans? I'm seeing sweeps of various subnets 5-10 times a day. This started around two weeks ago... they appear to be looking for open \\<netbios-name>\C shares. My guess is that there looking for machines previously infected with Nimda, but I could be wrong. It shows up as "NETBIOS SMB C access" under snort, and "Tree Connect AndX Request" when the tpcdump is viewed with ethereal. -- Nathan W. Labadie | ab0781 () wayne edu Sr. Security Specialist | 313/577.2126 Wayne State University | 313/577.1338 fax C&IT Information Security Office: http://security.wayne.edu ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
-- Lee Ayres <ayres () i-dep com> Systems Security Administrator I-DEP, LLC phone number (312 738 0740) fax number (312 738 0748) www.i-dep.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- increase in smb scans Nathan W. Labadie (Mar 08)
- increase in smb scans Lee Ayres (Mar 10)
- Re: increase in smb scans Hugo van der Kooij (Mar 10)
- Re: increase in smb scans Nathan W. Labadie (Mar 15)