Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Elevated scanning: TCP port 135 (RPC) AND 445 (Domain Services)
From: Nicholas Weaver <nweaver () CS berkeley edu>
Date: Tue, 27 Jan 2004 10:19:00 -0800

        At several locations we have seen a significant elevation in
scanning on TCP ports 135 AND 445.  The scannig machines are scanning
both ports, and seem to be doing a semirepeated scan (sometimes
attempting multiple tries at the same destination).

        This looks somewhat like a worm scan or widely distributed
scan which is targeting the windows RPC port and is also looking for
domain controllers (to attack?  To find other targets?  To
authenticate with other possible targets?)

        Does anyone have more information on this?

        Especially anybody with a windows honeypot?

-- 
Nicholas C. Weaver                                 nweaver () cs berkeley edu

  By Date           By Thread  

Current thread:
  • Elevated scanning: TCP port 135 (RPC) AND 445 (Domain Services) Nicholas Weaver (Jan 27)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]