|
Security Incidents
mailing list archives
RE: Port 445 increase?
From: "Jim Harrison (SPG)" <jmharr () microsoft com>
Date: Mon, 3 Jun 2002 22:32:30 -0700
Yes; my ISA servers have logged these scans and continued on their merry way.
I have to be careful; having ISA servers between me and them can make me awfully lazy in my log scan habits... ;-)
Jim
-----Original Message-----
From: Mike Hrubes [mailto:MHrubes () wizmo com]
Sent: Mon 6/3/2002 14:02
To: incidents () securityfocus com
Cc:
Subject: Port 445 increase?
Since around noon today (CST), we've really been getting hammered with tcp 445. Interestingly, it appears to
be a tool or worm doing the scanning. All requests seem to follow the same basic format of ICMP, then 445, followed by
nbname. The requests are coming from many many different IPs, but are all directed at a single box on our network.
Just curious if anyone else out there is seeing anything like this?
Thanks!
MH
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
 By Date 
By Thread
Current thread:
|
Intro
