View Full Version : New Worm? port 445 spam
Blackman
March 7th, 2003, 07:32 AM
Last night starting at 00:05 EST my router started recieving alot of attempts to connect on port 445(windows 2000/xp nbt) It rejects all of them, but this is the same way the SQL worm attack started. Most domains in the beginning were from .fr(france) and .it(italy).
Pieter_Arntz
March 7th, 2003, 07:44 AM
Looks like that has been going on for a week or so:
http://www1.dshield.org/port_report.php?port=445
Regards,
Pieter
Blackman
March 7th, 2003, 08:27 AM
Thanks Peter! That shows a huge, exponential increase starting on 3-05-2003. Definitely something is out there. Funny, it just starting hitting my ip at 00:05am(gmt -5), exactly the way SQL slammer did. Some enterprising individual has probably added the ip generation scheme to his/her own smb connect worm.
FanJ added this post on 3-04-2003 http://www.wilderssecurity.com/showthread.php?t=7735
Pieter_Arntz
March 10th, 2003, 02:26 AM
Another possible cause for hammering port 445:
http://www.wilderssecurity.com/showthread.php?t=7872
Regards,
Pieter
vBulletin® Copyright ©2000-2009, Jelsoft Enterprises Ltd.
Copyright ©2002 - 2009, Wilders Security Forums