[Dshield] Port 445 storm

Rick Leske rick at jaray.net
Sun Mar 9 23:30:47 GMT 2003


http://isc.incidents.org/port_details.html?port=445

----- Original Message -----
From: "Serge Vondandamo" <svondandamo at mercury-eur.com>
To: "'General DShield Discussion List'" <list at dshield.org>
Sent: Sunday, March 09, 2003 2:02 PM
Subject: RE: [Dshield] Port 445 storm


> Hi,
>
> I have more than hundred scan every 2 minutes on port 445.
> The biggest scanner's IPs:
>
> 218.102.177.70
> NETVIGATOR
> HONG KONG
>
> 209.68.155.34
> a209-68-155-034.susd.k12.ca.us
> Host unreachable
>
> 209.68.128.0 - 209.68.159.255
>
> Santa Clara County Office of Education
> 100 Skyport Drive, MC 253
> San Jose
> CA
> 95110-1374
> United States
>
> Huie, David S.
> +1-408-453-6743
> huie at sccoe.net
>
> NS.SCCOE.NET
> NS2.SCCOE.NET
>
> Cheers
> Serge
>
> -----Original Message-----
> From: Korhonen Juuso [mailto:juuso.korhonen at camline.fi]
> Sent: Sunday, March 09, 2003 5:14 PM
> To: 'General DShield Discussion List'
> Subject: RE: [Dshield] Port 445 storm
>
> >From F-Secure WEB site:
>
> Deloder is a network worm infecting Windows machines which have set a weak
> password to the "Administrator" account.
>
> The worm scans random IP addresses, trying to locate Windows machines
which
> have port 445 accessible. Port 445 (Microsoft SMB over TCP/IP) allows
> outsiders to access Windows file shares.
>
> This worm was found around noon GMT on Sunday 9th of March, 2003.
>
>
> Best Regards
>
> Juuso Korhonen
>
>
> -----Original Message-----
> From: Mrcorp [mailto:mrcorp at yahoo.com]
> Sent: 9. maaliskuuta 2003 17:05
> To: General DShield Discussion List
> Subject: Re: [Dshield] Port 445 storm
>
>
> I have to confirm that the Honeynet setup for www.infosecwriters.com is
also
> receiving a
> tremendous amount of port 445 probes.  Hundreds of probes from many
> different ip address ranges
> are hitting several of the honeypots.
>
> mrcorp
>

___________________________________________________________________
Virus Scanned and Filtered by http://www.FamHost.com E-Mail System.



More information about the list mailing list