[Dshield] port 445
David Cary Hart
DShield at TQMcube.com
Wed Mar 16 19:14:49 GMT 2005
On Wed, 2005-03-16 at 09:52 -0500, Jeff Kell wrote:
> Aaron Lewis wrote:
> > I have started seeing this also. Port 445 and 139 scans are very heavy. All
> > from the same class C for me.
> > From: Lauro, John
> > I am seeing a massive amount of traffic to port 445 that started a
> > little over 3 hours ago. (about 1300 packets a second to our class
> > B).
> My summary from last night shows
> > Port  Packets  Sources  Targets  Service       Name
> > 445   53614    2230     626      microsoft-ds  Win2k+ Server Message Block
> > 139   50790    413      705      netbios-ssn   NETBIOS Session Service
> This is from two /22 tarpits.
I assume that means IPTables tarpit which creates roughly 10 to 20
superfluous ACK packets for each SYN.
One of these days, ISPs will get a clue and block all this nonsense for
Kill Spam at the Source: http://www.TQMcube.com/spam_trap.htm
Today's Spam Trap Adds: http://www.TQMcube.com/BlockedToday
RBLDNSD HowTo: http://www.TQMcube.com/rbldnsd.htm