Security Incidents: RE: large scale distributed scan of port tcp 445

["Jim Harrison (SPG)" <jmharr () microsoft com>]

Given the recent announcement of Windows API vulnerabilities, a sudden
spike in TCP-445 scans isn't all that surprising.
If you're blocking it, then IMHO, your only real concern is whether or
not it's interfering with your bandwidth...

* Jim Harrison 
MCP(NT4/2K), A+, Network+
Services Platform Division

The burden of proof is not satisfied by a lack of evidence to the
contrary..



-----Original Message-----
From: Rob Keown [mailto:Keown () MACDIRECT COM] 
Sent: Thursday, August 08, 2002 4:15 PM
To: 'Russell Fulton'; incidents () securityfocus com
Subject: RE: large scale distributed scan of port tcp 445


That is MS-DS as I recall. I don't see anything in my logs but dshield
has the port with a huge spike of targets, with low sources on 7/28.
http://isc.incidents.org/port_details.html?port=445 It was ranked 4th on
that day.

Cannot recall any exploits on this port or service.

Anyone know of any exploits on this?

Rob Keown



------------------------------------------------------------------------
----
This list is provided by the SecurityFocus ARIS analyzer service. For
more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com