[Dshield] Port 445 storm

Serge Vondandamo svondandamo at mercury-eur.com
Sun Mar 9 20:02:10 GMT 2003


Hi,

I have more than hundred scan every 2 minutes on port 445.
The biggest scanner's IPs:

218.102.177.70
NETVIGATOR
HONG KONG

209.68.155.34
a209-68-155-034.susd.k12.ca.us
Host unreachable

209.68.128.0 - 209.68.159.255

Santa Clara County Office of Education
100 Skyport Drive, MC 253
San Jose
CA
95110-1374
United States

Huie, David S.
+1-408-453-6743
huie at sccoe.net

NS.SCCOE.NET
NS2.SCCOE.NET

Cheers
Serge

-----Original Message-----
From: Korhonen Juuso [mailto:juuso.korhonen at camline.fi] 
Sent: Sunday, March 09, 2003 5:14 PM
To: 'General DShield Discussion List'
Subject: RE: [Dshield] Port 445 storm

>From F-Secure WEB site:

Deloder is a network worm infecting Windows machines which have set a weak
password to the "Administrator" account. 

The worm scans random IP addresses, trying to locate Windows machines which
have port 445 accessible. Port 445 (Microsoft SMB over TCP/IP) allows
outsiders to access Windows file shares. 

This worm was found around noon GMT on Sunday 9th of March, 2003. 


Best Regards

Juuso Korhonen


-----Original Message-----
From: Mrcorp [mailto:mrcorp at yahoo.com]
Sent: 9. maaliskuuta 2003 17:05
To: General DShield Discussion List
Subject: Re: [Dshield] Port 445 storm


I have to confirm that the Honeynet setup for www.infosecwriters.com is also
receiving a
tremendous amount of port 445 probes.  Hundreds of probes from many
different ip address ranges
are hitting several of the honeypots.  

mrcorp


__________________________________________________
Do you Yahoo!?
Yahoo! Tax Center - forms, calculators, tips, more
http://taxes.yahoo.com/

_______________________________________________
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list
****************************************************************************
This message has been scanned by F-Secure Anti-Virus for Microsoft Exchange.
****************************************************************************

_______________________________________________
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list


More information about the list mailing list