Distributed port 445 scan or spoof?
paw at noh.ucsd.edu
Fri Feb 14 02:44:12 GMT 2003
Hmm. We're seeing incidents of intense port 445 scanning, either from a
fairly well-coordinated distributed net or from something spoofing one -
lots of ISP IP addresses, for short bursts of activity.
Has anyone else seen this recently? We normally see 445 scans, but not
from so many different directions at once... If it _is_ an address
spoofer, any idea how to track it down?
Network Security Manager
UCSD ACS/Network Operations
paw at ucsd.edu
6F3A AE75 F931 3A19 D207 19F3 DB9B 29DC 2C3F E015
More information about the unisog