Security Incidents: RE: large scale distributed scan of port tcp 445

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

RE: large scale distributed scan of port tcp 445

From: Brian McWilliams <brian () pc-radio com>
Date: Fri, 09 Aug 2002 15:46:23 -0400

I've kind of been waiting for a spike in 445 scans for the past 12 months... :)


Windows 2000 Port Invites Intruders
26 Aug 2001, 6:14 PM CST

http://www.pc-radio.com/Windows%202000%20Port%20Invites%20Intruders.htm

Exploiting a hole in Windows 2000, a hacker says he penetrated Microsoft'scorporate network earlier this month and had full access to hundreds of thecompany's computers.




Brian


At 02:49 PM 8/9/2002, Jim Harrison (SPG) wrote:

Any W2K or later OS from Microsoft (except maybe .NET server) installs
with that port open.
It's not specific to XP.  It was added to W2K as a NetBIOS -135/139
replacement.

* Jim Harrison
MCP(NT4/2K), A+, Network+
Services Platform Division

The burden of proof is not satisfied by a lack of evidence to the
contrary..



-----Original Message-----
From: Thomas Cannon [mailto:tcannon () noops org]
Sent: Friday, August 09, 2002 9:54 AM
To: Rob Keown
Cc: 'Russell Fulton'; incidents () securityfocus com
Subject: RE: large scale distributed scan of port tcp 445


On Thu, 8 Aug 2002, Rob Keown wrote:

> That is MS-DS as I recall. I don't see anything in my logs but dshield

> has the port with a huge spike of targets, with low sources on 7/28.
> http://isc.incidents.org/port_details.html?port=445 It was ranked 4th
> on that day.
>
> Cannot recall any exploits on this port or service.
>
> Anyone know of any exploits on this?


I didn't know any, but this might be something to consider, if nothing
else:

http://www.sygate.com/alerts/XP_default_TCP445_open.htm


Cheers,

-tcannon


>
> Rob Keown
>
>
>
> ----------------------------------------------------------------------
> ------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com
>

"No brain, no headache"


------------------------------------------------------------------------
----
This list is provided by the SecurityFocus ARIS analyzer service. For
more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.

For more information on this free incident handling, managementand tracking system please see: http://aris.securityfocus.com

By Date By Thread

Current thread:

RE: large scale distributed scan of port tcp 445, (continued)
- RE: large scale distributed scan of port tcp 445 Jim Harrison (SPG) (Aug 09)
  - RE: large scale distributed scan of port tcp 445 H C (Aug 09)
- RE: large scale distributed scan of port tcp 445 Jim Harrison (SPG) (Aug 09)
  - RE: large scale distributed scan of port tcp 445 Rick Darsey (Aug 09)
- RE: large scale distributed scan of port tcp 445 Brian McWilliams (Aug 09)
  - Re: large scale distributed scan of port tcp 445 Gary Flynn (Aug 09)
    - Re: large scale distributed scan of port tcp 445 Deus, Attonbitus (Aug 12)
- RE: large scale distributed scan of port tcp 445 Beau Monday (Aug 09)