[lug] new port 445 MS vulnerability??
D. Stimits
stimits at attbi.com
Thu Oct 10 21:21:27 MDT 2002
Chip Atkinson wrote:
> Check out
> http://www.vnunet.com/News/1131065
This looks like what it is, I'm just seeing the first wave. Nice to have
a filtering Linux bridge between the net and those stupid Windows machines.
D. Stimits, stimits AT attbi.com
>
> Chip
>
> On Thu, 10 Oct 2002, D. Stimits wrote:
>
>
>>All of a sudden, I am getting pounded (well, not too badly, but
>>consistently) with IP addresses from all over the place looking to
>>connect to port 445 tcp. They are harmless, nothing here is listening to
>>445, but I have to wonder if there is a new MS vulnerability here, or if
>>it is just a DDoS thing? Port 445 seems to be listed as microsoft domain
>>service. Anyone else seeing this? I am pasting a list of addresses
>>below, all of which were trying to get into port 445 at almost the same
>>time.
>>
>>D. Stimits, stimits AT attbi.com
>>
>>October 10, 2002
>>
>>12.98.54.204
>>146.151.79.52
>>195.47.118.56
>>212.41.199.189
>>212.47.15.6
>>213.106.152.65
>>213.106.172.25
>>24.86.112.137
>>62.163.11.153
>>62.30.43.100
>>68.32.49.155
>>68.36.109.55
>>68.42.144.163
>>68.42.23.92
>>68.43.38.204
>>68.44.164.190
>>68.44.194.63
>>68.44.70.135
>>68.45.106.115
>>68.45.117.135
>>68.45.255.223
>>68.46.136.191
>>68.46.14.101
>>68.46.32.18
>>68.46.36.14
>>68.47.208.117
>>68.47.44.188
>>80.0.150.84
>>80.4.11.170
>>80.4.61.215
>>81.96.126.106
>>81.98.183.82
More information about the LUG
mailing list