Security Incidents: Port 445 increase?

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

Port 445 increase?

From: "Mike Hrubes" <MHrubes () wizmo com>
Date: Mon, 3 Jun 2002 16:02:20 -0500

Since around noon today (CST), we've really been getting hammered with tcp 445.  Interestingly, it appears to be a tool 
or worm doing the scanning.  All requests seem to follow the same basic format of ICMP, then 445, followed by nbname.  
The requests are coming from many many different IPs, but are all directed at a single box on our network.

Just curious if anyone else out there is seeing anything like this?

Thanks!

MH

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

By Date By Thread

Current thread:

Port 445 increase? Mike Hrubes (Jun 03)
- Re: Port 445 increase? Baribault, Gary (Jun 04)
- <Possible follow-ups>
- RE: Port 445 increase? Jim Harrison (SPG) (Jun 04)
- Re: Port 445 increase? Muhammad Faisal Rauf Danka (Jun 04)
  - Re: Port 445 increase? Brian Collins (Jun 04)
- Re: Port 445 increase? Eric Monti (Jun 06)