Security Incidents
mailing list archives
RE: TCP 445 Scan?
From: Lee_Fisher () NAI com
Date: Tue, 4 Mar 2003 18:10:51 +0100
I have seen a few forums discuss an increase in TCP port 445 scans.
Similar nature/profile to your message below.
LANMAN service listens on this port.
This *may* be related? http://www.kb.cert.org/vuls/id/693099
Lee Fisher
McAfee Security
-----Original Message-----
From: Charles Hamby [mailto:fixer () gci net]
Sent: 27 February 2003 18:25
To: incidents () securityfocus com
Subject: TCP 445 Scan?
Morning/Afternoon All,
Has anyone else recently been pegged with a large number of distributed
TCP 445 scans over a short amount of time (within a few minutes)? A
couple of days ago I was hit by roughly 60+ scans in a short amount of
time; when I waded through it, it wound up being about 45 unique IP addresses
all looking for TCP 445. Below is an excerpt from my firewall log
(Netscreen). Has anyone else been seeing these sorts of scans lately?
I've only seen the one scan, so I haven't had a chance to capture any more
traffic.
-CDH
2003-2-23 23:05:52 Deny 213.51.247.114->W.X.Y.Z 0 sec TCP PORT 445
2003-2-23 23:05:49 Deny 213.51.247.114->W.X.Y.Z 0 sec TCP PORT 445
2003-2-23 23:05:36 Deny 213.51.21.143->W.X.Y.Z 0 sec TCP PORT 445
2003-2-23 23:05:33 Deny 213.51.21.143->W.X.Y.Z 0 sec TCP PORT 445
2003-2-23 23:05:30 Deny 12.242.204.86->W.X.Y.Z 0 sec TCP PORT 445
2003-2-23 23:05:27 Deny 12.242.204.86->W.X.Y.Z 0 sec TCP PORT 445
2003-2-23 23:05:23 Deny 62.253.118.133->W.X.Y.Z 0 sec TCP PORT 445
2003-2-23 23:05:21 Deny 65.163.177.202->W.X.Y.Z 0 sec TCP PORT 445
2003-2-23 23:05:20 Deny 62.253.118.133->W.X.Y.Z 0 sec TCP PORT 445
2003-2-23 23:05:19 Deny 217.1.167.84->W.X.Y.Z 0 sec TCP PORT 445
2003-2-23 23:05:18 Deny 65.163.177.202->W.X.Y.Z 0 sec TCP PORT 445
2003-2-23 23:05:18 Deny 12.231.241.129->W.X.Y.Z 0 sec TCP PORT 445
2003-2-23 23:05:18 Deny 24.66.39.214->W.X.Y.Z 0 sec TCP PORT 445
2003-2-23 23:05:17 Deny 12.229.115.40->W.X.Y.Z 0 sec TCP PORT 445
2003-2-23 23:05:16 Deny 62.190.172.203->W.X.Y.Z 0 sec TCP PORT 445
2003-2-23 23:05:16 Deny 217.1.167.84->W.X.Y.Z 0 sec TCP PORT 445
2003-2-23 23:05:16 Deny 217.162.202.177->W.X.Y.Z 0 sec TCP PORT 445
2003-2-23 23:05:16 Deny 217.162.183.155->W.X.Y.Z 0 sec TCP PORT 445
2003-2-23 23:05:15 Deny 12.231.241.129->W.X.Y.Z 0 sec TCP PORT 445
2003-2-23 23:05:15 Deny 24.66.39.214->W.X.Y.Z 0 sec TCP PORT 445
2003-2-23 23:05:14 Deny 141.153.232.196->W.X.Y.Z 0 sec TCP PORT 445
2003-2-23 23:05:14 Deny 12.229.115.40->W.X.Y.Z 0 sec TCP PORT 445
2003-2-23 23:05:14 Deny 12.231.161.15->W.X.Y.Z 0 sec TCP PORT 445
2003-2-23 23:05:13 Deny 217.162.7.16->W.X.Y.Z 0 sec TCP PORT 445
2003-2-23 23:05:13 Deny 62.190.172.203->W.X.Y.Z 0 sec TCP PORT 445
2003-2-23 23:05:13 Deny 12.242.250.247->W.X.Y.Z 0 sec TCP PORT 445
2003-2-23 23:05:13 Deny 217.162.202.177->W.X.Y.Z 0 sec TCP PORT 445
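
The pattern discussed in this thread (many distinct sources hitting one destination port within a few minutes) can be checked mechanically over deny logs. The Python below is an added example, not part of the original posts: the line layout is inferred from the excerpt above, the sample lines are constructed with documentation-range addresses, and the window and threshold defaults are assumptions to tune per site.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Line layout inferred from the excerpt in the post; the destination is kept
# as an opaque token because the poster redacted it as W.X.Y.Z.
LINE_RE = re.compile(r"^(\d{4}-\d{1,2}-\d{1,2} \d{2}:\d{2}:\d{2}) Deny "
                     r"(\d{1,3}(?:\.\d{1,3}){3})->(\S+) \d+ sec (TCP|UDP) PORT (\d+)$")

def parse_line(line):
    """Return (time, src, dst, proto, port), or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
    return ts, m.group(2), m.group(3), m.group(4), int(m.group(5))

def distributed_scans(lines, window=timedelta(minutes=5), min_sources=10):
    """Map (dst, proto, port) to the largest set of distinct sources seen
    inside any one window, keeping only sets of at least min_sources."""
    events = defaultdict(list)
    for ts, src, dst, proto, port in filter(None, map(parse_line, lines)):
        events[(dst, proto, port)].append((ts, src))
    findings = {}
    for key, evs in events.items():
        evs.sort()                      # the log is newest-first; order by time
        best, start = set(), 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1              # slide the window's left edge forward
            srcs = {src for _, src in evs[start:end + 1]}
            if len(srcs) > len(best):   # retries from one source count once
                best = srcs
        if len(best) >= min_sources:
            findings[key] = sorted(best)
    return findings

# Constructed sample (documentation-range addresses, not the poster's data).
SAMPLE = """\
2003-2-23 23:05:20 Deny 203.0.113.9->W.X.Y.Z 0 sec TCP PORT 445
2003-2-23 23:05:18 Deny 198.51.100.7->W.X.Y.Z 0 sec TCP PORT 445
2003-2-23 23:05:17 Deny 203.0.113.9->W.X.Y.Z 0 sec TCP PORT 445
2003-2-23 23:05:16 Deny 192.0.2.44->W.X.Y.Z 0 sec TCP PORT 445
2003-2-23 23:05:14 Deny 192.0.2.10->W.X.Y.Z 0 sec TCP PORT 445
2003-2-23 22:10:02 Deny 192.0.2.200->W.X.Y.Z 0 sec TCP PORT 80
2003-2-23 21:00:00 Deny 203.0.113.50->W.X.Y.Z 0 sec TCP PORT 445
"""

print(distributed_scans(SAMPLE.splitlines(), min_sources=4))
```

Counting distinct sources rather than raw deny lines matters here because each source in the excerpt retries a few seconds later, which would otherwise double the apparent scan volume.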