[Dshield] port 445

David Cary Hart DShield at TQMcube.com
Mon Mar 14 17:03:45 GMT 2005


On Mon, 2005-03-14 at 08:23 -0500, Lauro, John wrote:
> Hello,
>  
> I am seeing a massive amount of traffic to port 445 that started a
> little over 3 hours ago.  (about 1300 packets a second to our class
> B).  
>  
> Just wondering if it's a new worm, or more likely I am being DDOS
> attacked. 

Is it all from one client?

Do you need 445 open to the world? 

There's a simple way to move these to IPTables with swatch (assuming
*nix).

-- 
________________________________________________________________________
Kill Spam at the Source: http://www.TQMcube.com/spam_trap.htm
Today's Spam Trap Adds:  http://www.TQMcube.com/BlockedToday
RBLDNSD HowTo:           http://www.TQMcube.com/rbldnsd.htm




More information about the list mailing list