[Dshield] Port 445 storm

Scott Fendley scottf at uark.edu
Sun Mar 9 15:19:35 GMT 2003


Yup it appears there is a new virus heading around the block.  I have not
received a copy of the virus as of yet, so I personally can't analyze it

Here is the little bit of information I have seen so far.  There has also
been a discussion on intrusions at incidents.com and
incidents at securityfocus.com about the new virus

http://www.sarc.com/avcenter/venc/data/w32.hllw.deloder.html
http://www.securityfocus.com/archive/75/314360/2003-03-06/2003-03-12/0
And whereever the intrusions@ mailing list archive is (the link at
http://www.incidents.org/archive/ no longer seems to work, so time to go
fix that as well.

 Hope that helps you find some answers on the front end.

Scott

On Sun, 9 Mar 2003, Lauro, John wrote:

> Hello,
>
> What's with all the port 445?  I just noticed it this morning. Is it a
> new virus, or just an increase in scanning?   See
> http://www.dshield.org/port_report.php?port=445   I don't think there
> is a lot of sources, but my poor firewall is blocking over 800 packets
> a second right now with a large % for port 445, and that's a lot of
> data to store and send to dshield.  It's not the first time I've seen
> these high of rates when I am port scanned, but they finish my net and
> move on....  This has been going on for too many (think it started
> about 8 hours ago) to be just a couple people scanning...
>
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
>



More information about the list mailing list