[Dshield] Surge in 445?
DavidHart at TQMcube.com
Sun Jan 18 23:26:59 GMT 2004
I just took a look at copies of Dshield reports and it looks like a
surge in 445 from nearby IPs. I'm curious. Is there anything I can tell
from the similarities between packets generated from two different IPs?
For example, TCP packet options:
Jan 18 16:29:25 mail2 kernel: Firewall: IN=eth1 OUT=
DST=192.168.0.31 LEN=48 TOS=0x00 PREC=0x00 TTL=122 ID=34778 DF PROTO=TCP
SPT=3701 DPT=445 SEQ=3174263281 ACK=0 WINDOW=16384 RES=0x00 SYN URGP=0
Jan 18 16:45:47 mail2 kernel: Firewall: IN=eth1 OUT=
DST=192.168.0.31 LEN=48 TOS=0x00 PREC=0x00 TTL=122 ID=25258 DF PROTO=TCP
SPT=3632 DPT=445 SEQ=3350271271 ACK=0 WINDOW=64800 RES=0x00 SYN URGP=0
Quality Management - A Commitment to Excellence
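
Added example, not part of the original post: one way to compare the two logged SYNs field by field and derive what the netfilter LOG line implies about headers it does not print. It assumes a 20-byte IP header (no IP options), and the initial-TTL guess from common defaults is a heuristic; the function names are this example's own.

```python
# The two log entries from the post, with the mail line-wraps re-joined.
# SRC= is absent in the archived copy, so entries are identified by time.
LOG = """\
Jan 18 16:29:25 mail2 kernel: Firewall: IN=eth1 OUT= DST=192.168.0.31 LEN=48 TOS=0x00 PREC=0x00 TTL=122 ID=34778 DF PROTO=TCP SPT=3701 DPT=445 SEQ=3174263281 ACK=0 WINDOW=16384 RES=0x00 SYN URGP=0
Jan 18 16:45:47 mail2 kernel: Firewall: IN=eth1 OUT= DST=192.168.0.31 LEN=48 TOS=0x00 PREC=0x00 TTL=122 ID=25258 DF PROTO=TCP SPT=3632 DPT=445 SEQ=3350271271 ACK=0 WINDOW=64800 RES=0x00 SYN URGP=0
"""

FLAGS = {"DF", "SYN", "ACK", "FIN", "RST", "PSH", "URG", "CWR", "ECE"}
COMMON_INITIAL_TTLS = (32, 64, 128, 255)  # heuristic defaults, an assumption

def parse_line(line):
    """Split one LOG line into KEY=VALUE fields and bare flag tokens."""
    head, _, body = line.partition(" kernel: ")
    fields, flags = {}, set()
    for tok in body.split():
        key, eq, val = tok.partition("=")
        if eq:
            fields[key] = val          # e.g. ACK=0 is the ack number
        elif tok in FLAGS:
            flags.add(tok)             # e.g. bare SYN / DF are flag bits
    return {"time": head[:15], "fields": fields, "flags": flags}

def derive(entry):
    """Values implied by the logged fields but not printed directly."""
    f = entry["fields"]
    ttl = int(f["TTL"])
    initial = min(t for t in COMMON_INITIAL_TTLS if t >= ttl)
    return {
        # LEN is the IP total length; subtract 20 (IP) and 20 (TCP base).
        "tcp_option_bytes": int(f["LEN"]) - 20 - 20,
        "initial_ttl_guess": initial,
        "hops_guess": initial - ttl,
        "window": int(f["WINDOW"]),
        "df": "DF" in entry["flags"],
    }

def compare(a, b):
    """Return (sorted shared field names, {field: (a_value, b_value)})."""
    fa, fb = a["fields"], b["fields"]
    keys = set(fa) | set(fb)
    diff = {k: (fa.get(k), fb.get(k)) for k in keys if fa.get(k) != fb.get(k)}
    return sorted(keys - set(diff)), diff

ENTRIES = [parse_line(l) for l in LOG.splitlines() if l.strip()]

if __name__ == "__main__":
    same, diff = compare(*ENTRIES)
    print("identical fields:", ", ".join(same))
    for key, (x, y) in sorted(diff.items()):
        print(f"differs  {key}: {x} vs {y}")
    for e in ENTRIES:
        print(e["time"], derive(e))
```

The TCP options themselves are not in these lines; only their total length can be inferred from LEN. The iptables LOG target prints them when the rule uses --log-tcp-options.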