[lug] new port 445 MS vulnerability??

D. Stimits stimits at attbi.com
Thu Oct 10 21:24:10 MDT 2002


Jeff wrote:
> I get them from time to time.  I've never been able to figure out if
> it's anything I need to be concerned about.  I also, do not have
> anything listening to the port.  Oh well.

Till recently I only got a few hits. Then all of a sudden I was getting 
an average of more than 3 hits per second, filling up logs. My filtering 
bridge has said to me "yummy"...no more problem.

D. Stimits, stimits AT attbi.com

> 
> "D. Stimits" wrote:
> 
>>All of a sudden, I am getting pounded (well, not too badly, but
>>consistently) with IP addresses from all over the place looking to
>>connect to port 445 tcp. They are harmless, nothing here is listening to
>>445, but I have to wonder if there is a new MS vulnerability here, or if
>>it is just a DDoS thing? Port 445 seems to be listed as microsoft domain
>>service. Anyone else seeing this? I am pasting a list of addresses
>>below, all of which were trying to get into port 445 at almost the same
>>time.
>>
>>D. Stimits, stimits AT attbi.com
>>
>>October 10, 2002
>>
>>12.98.54.204
>>146.151.79.52
>>195.47.118.56
>>212.41.199.189
>>212.47.15.6
>>213.106.152.65
>>213.106.172.25
>>24.86.112.137
>>62.163.11.153
>>62.30.43.100
>>68.32.49.155
>>68.36.109.55
>>68.42.144.163
>>68.42.23.92
>>68.43.38.204
>>68.44.164.190
>>68.44.194.63
>>68.44.70.135
>>68.45.106.115
>>68.45.117.135
>>68.45.255.223
>>68.46.136.191
>>68.46.14.101
>>68.46.32.18
>>68.46.36.14
>>68.47.208.117
>>68.47.44.188
>>80.0.150.84
>>80.4.11.170
>>80.4.61.215
>>81.96.126.106
>>81.98.183.82





More information about the LUG mailing list