Security Incidents mailing list archives
Re: TCP 445 Scan?
From: Bill McCarty <bmccarty () apu edu>
Date: Tue, 04 Mar 2003 07:41:34 -0800
--On Thursday, February 27, 2003 6:25 PM +0000 Charles Hamby <fixer () gci net> wrote:
Has anyone else recently been pegged with a large number of distributed TCP 445 scans over a short amount of time (within a few minutes)?
No, but I've seen a slow TCP 445 scan that took several hours to transit half of a class C network. However, the scan originated from a single IP. The source and destination port of all packets was 13000. Snort flagged the packets as related to the Shaft DDOS tool. But, I suspect the current tool merely shares code with Shaft.

---------------------------------------------------
Bill McCarty
Current thread:
- TCP 445 Scan? Charles Hamby (Mar 04)
- Re: TCP 445 Scan? Adam Bultman (Mar 04)
- Re: TCP 445 Scan? H C (Mar 04)
- RE: TCP 445 Scan? Charles Hamby (Mar 05)
- Re: TCP 445 Scan? Bill McCarty (Mar 04)
- RE: TCP 445 Scan? kyle (Mar 04)
- RE: TCP 445 Scan? Frank Knobbe (Mar 05)
- RE: TCP 445 Scan? kyle (Mar 05)
- RE: TCP 445 Scan? Frank Knobbe (Mar 05)
- Re: TCP 445 Scan? Brian McWilliams (Mar 05)
- Re: TCP 445 Scan? Johannes Ullrich (Mar 06)
- RE: TCP 445 Scan? kyle (Mar 06)
- Re: TCP 445 Scan? Johannes Ullrich (Mar 06)
- <Possible follow-ups>
- Re: TCP 445 Scan? Tom_Staskiewicz (Mar 04)
- SV: TCP 445 Scan? Peter Kruse (Mar 05)
- RE: TCP 445 Scan? Lee_Fisher (Mar 04)
- RE: TCP 445 Scan? Thompson, Jason (Mar 06)