paulf at salem.cc
Tue Jul 22 17:33:14 GMT 2003
Yes, I also saw a major increase in port 445 scanning last night/this morning. My PIX logs usually contain around 20K entries for a full 24hr period (not sure if this is normal on a full class C IP range, corporate use). However, this morning (around 3:00 - 6:oo PDT) my Kiwi Daemon sent me notices about receiving a quantity of messages past my threshold (5000), from the first alert at 6617 messages at 2:57 AM it jumped to 33264 at 5:58 AM. The overwhelming majority of these are port 445 hits. Things have quieted back down since then, with my normal firewall activity at around 800 - 1000 MPH.
Information Systems Lead
>>From: Paul Marsh [mailto:pmarsh at nmefdn.org]
>>Sent: Tuesday, July 22, 2003 8:42 AM
>>To: 'Dshield (E-mail)
>>Subject: [Dshield] 445
>>Has anyone else seen an increase in 445 scanning?
>>list mailing list
>>list at dshield.org
>>To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
More information about the list