Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Security Incidents: RE: large scale distributed scan of port tcp 445

RE: large scale distributed scan of port tcp 445

From: Brian McWilliams <brian_at_pc-radio.com>
Date: Fri, 09 Aug 2002 15:46:23 -0400

I've kind of been waiting for a spike in 445 scans for the past 12 months
... :)

Windows 2000 Port Invites Intruders
26 Aug 2001, 6:14 PM CST

http://www.pc-radio.com/Windows%202000%20Port%20Invites%20Intruders.htm

Exploiting a hole in Windows 2000, a hacker says he penetrated Microsoft's
corporate network earlier this month and had full access to hundreds of the
company's computers.

Brian

At 02:49 PM 8/9/2002, Jim Harrison (SPG) wrote:
>Any W2K or later OS from Microsoft (except maybe .NET server) installs
>with that port open.
>It's not specific to XP. It was added to W2K as a NetBIOS -135/139
>replacement.
>
>* Jim Harrison
>MCP(NT4/2K), A+, Network+
>Services Platform Division
>
>The burden of proof is not satisfied by a lack of evidence to the
>contrary..
>
>
>
>-----Original Message-----
>From: Thomas Cannon [mailto:tcannon_at_noops.org]
>Sent: Friday, August 09, 2002 9:54 AM
>To: Rob Keown
>Cc: 'Russell Fulton'; incidents_at_securityfocus.com
>Subject: RE: large scale distributed scan of port tcp 445
>
>
>On Thu, 8 Aug 2002, Rob Keown wrote:
>
> > That is MS-DS as I recall. I don't see anything in my logs but dshield
>
> > has the port with a huge spike of targets, with low sources on 7/28.
> > http://isc.incidents.org/port_details.html?port=445 It was ranked 4th
> > on that day.
> >
> > Cannot recall any exploits on this port or service.
> >
> > Anyone know of any exploits on this?
>
>
>I didn't know any, but this might be something to consider, if nothing
>else:
>
>http://www.sygate.com/alerts/XP_default_TCP445_open.htm
>
>
>Cheers,
>
>-tcannon
>
>
> >
> > Rob Keown
> >
> >
> >
> > ----------------------------------------------------------------------
> > ------
> > This list is provided by the SecurityFocus ARIS analyzer service.
> > For more information on this free incident handling, management
> > and tracking system please see: http://aris.securityfocus.com
> >
>
>"No brain, no headache"
>
>
>------------------------------------------------------------------------
>----
>This list is provided by the SecurityFocus ARIS analyzer service. For
>more information on this free incident handling, management
>and tracking system please see: http://aris.securityfocus.com
>
>
>----------------------------------------------------------------------------
>This list is provided by the SecurityFocus ARIS analyzer service.
>For more information on this free incident handling, management
>and tracking system please see: http://aris.securityfocus.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
Received on Aug 09 2002

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos