[Dshield] port 445

David Cary Hart DShield at TQMcube.com
Wed Mar 16 19:14:49 GMT 2005


On Wed, 2005-03-16 at 09:52 -0500, Jeff Kell wrote:
> Aaron Lewis wrote:
> > I have started seeing this also. Port 445 and 139 scans are very heavy. All
> > from the same class C for me
> 
> > From: Lauro, John
> 
> > I am seeing a massive amount of traffic to port 445 that started a
> > little over 3 hours ago.  (about 1300 packets a second to our class
> > B).  
> 
> My summary from last night shows
> > Port	Packets	Sources	Targets	Service	Name
> > 445	53614	2230	626	microsoft-ds  	Win2k+ Server Message Block  
> > 139	50790	413	705	netbios-ssn  	NETBIOS Session Service  
> 
> This is from two /22 tarpits.
> 

I assume that means IPTables tarpit which creates roughly 10 to 20
superfluous ACK packets for each SYN.

One of these days, ISPs will get a clue and block all this nonsense for
residential/dynamic customers.

-- 
________________________________________________________________________
Kill Spam at the Source: http://www.TQMcube.com/spam_trap.htm
Today's Spam Trap Adds:  http://www.TQMcube.com/BlockedToday
RBLDNSD HowTo:           http://www.TQMcube.com/rbldnsd.htm



More information about the list mailing list