Distributed port 445 scan or spoof?

Pat Wilson paw at noh.ucsd.edu
Fri Feb 14 02:44:12 GMT 2003


Hmm.  We're seeing incidents of intense port 445 scanning, either from a
fairly well-coordinated distributed net or from something spoofing one -
lots of ISP IP addresses, for short bursts of activity.

Has anyone else seen this recently?  We normally see 445 scans, but not
from so many different directions at once...  If it _is_ an address
spoofer, any idea how to track it down?

Thanks.


Pat Wilson
Network Security Manager
UCSD ACS/Network Operations
paw at ucsd.edu
6F3A AE75 F931 3A19 D207 19F3 DB9B 29DC 2C3F E015



More information about the unisog mailing list