|
Security Incidents
mailing list archives
Re: large scale distributed scan of port tcp 445
From: Gary Flynn <flynngn () jmu edu>
Date: Fri, 09 Aug 2002 16:56:01 -0400
Brian McWilliams wrote:
http://www.pc-radio.com/Windows%202000%20Port%20Invites%20Intruders.htm
Exploiting a hole in Windows 2000, a hacker says he penetrated Microsoft's
corporate network earlier this month and had full access to hundreds of the
company's computers.
Interesting story. Seems there are a lot of 2k/XP systems out there
without adequate Administrator passwords. No administrator password
means instant access to the C$ share...i.e. entire hard drive including
startup folders. Even a weak password makes the system vulnerable
as the Administrator isn't locked on unsuccessful password guesses
as shipped.
A lesson for those networks that block netbios by blocking port 139. 445
needs to be blocked too.
Another risk mitigation step is to use the Local or Group Security
Policy to deny network access to the Administrator account.
--
Gary Flynn
Security Engineer - Technical Services
James Madison University
Please R.U.N.S.A.F.E.
http://www.jmu.edu/computing/runsafe
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
 By Date 
By Thread
Current thread:
- RE: large scale distributed scan of port tcp 445, (continued)
|
Intro
