[lug] new port 445 MS vulnerability??
D. Stimits
stimits at attbi.com
Thu Oct 10 21:24:10 MDT 2002
Jeff wrote:
> I get them from time to time. I've never been able to figure out if
> it's anything I need to be concerned about. I also, do not have
> anything listening to the port. Oh well.
Till recently I only got a few hits. Then all of a sudden I was getting
an average of more than 3 hits per second, filling up logs. My filtering
bridge has said to me "yummy"...no more problem.
D. Stimits, stimits AT attbi.com
>
> "D. Stimits" wrote:
>
>>All of a sudden, I am getting pounded (well, not too badly, but
>>consistently) with IP addresses from all over the place looking to
>>connect to port 445 tcp. They are harmless, nothing here is listening to
>>445, but I have to wonder if there is a new MS vulnerability here, or if
>>it is just a DDoS thing? Port 445 seems to be listed as microsoft domain
>>service. Anyone else seeing this? I am pasting a list of addresses
>>below, all of which were trying to get into port 445 at almost the same
>>time.
>>
>>D. Stimits, stimits AT attbi.com
>>
>>October 10, 2002
>>
>>12.98.54.204
>>146.151.79.52
>>195.47.118.56
>>212.41.199.189
>>212.47.15.6
>>213.106.152.65
>>213.106.172.25
>>24.86.112.137
>>62.163.11.153
>>62.30.43.100
>>68.32.49.155
>>68.36.109.55
>>68.42.144.163
>>68.42.23.92
>>68.43.38.204
>>68.44.164.190
>>68.44.194.63
>>68.44.70.135
>>68.45.106.115
>>68.45.117.135
>>68.45.255.223
>>68.46.136.191
>>68.46.14.101
>>68.46.32.18
>>68.46.36.14
>>68.47.208.117
>>68.47.44.188
>>80.0.150.84
>>80.4.11.170
>>80.4.61.215
>>81.96.126.106
>>81.98.183.82
More information about the LUG
mailing list