Last night starting at 00:05 EST my router started recieving alot of attempts to connect on port 445(windows 2000/xp nbt) It rejects all of them, but this is the same way the SQL worm attack started. Most domains in the beginning were from .fr(france) and .it(italy).
Looks like that has been going on for a week or so: http://www1.dshield.org/port_report.php?port=445 Regards, Pieter
Thanks Peter! That shows a huge, exponential increase starting on 3-05-2003. Definitely something is out there. Funny, it just starting hitting my ip at 00:05am(gmt -5), exactly the way SQL slammer did. Some enterprising individual has probably added the ip generation scheme to his/her own smb connect worm. FanJ added this post on 3-04-2003 http://www.wilderssecurity.com/showthread.php?t=7735
Another possible cause for hammering port 445: http://www.wilderssecurity.com/showthread.php?t=7872 Regards, Pieter