New Worm? port 445 spam

Discussion in 'Port Explorer' started by Blackman, Mar 7, 2003.

Thread Status:
Not open for further replies.
  1. Blackman

    Blackman Registered Member

    Joined:
    Feb 28, 2003
    Posts:
    14
    Last night starting at 00:05 EST my router started recieving alot of attempts to connect on port 445(windows 2000/xp nbt) It rejects all of them, but this is the same way the SQL worm attack started. Most domains in the beginning were from .fr(france) and .it(italy).
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    Looks like that has been going on for a week or so:

    http://www1.dshield.org/port_report.php?port=445

    Regards,

    Pieter
     
  3. Blackman

    Blackman Registered Member

    Joined:
    Feb 28, 2003
    Posts:
    14
    Thanks Peter! That shows a huge, exponential increase starting on 3-05-2003. Definitely something is out there. Funny, it just starting hitting my ip at 00:05am(gmt -5), exactly the way SQL slammer did. Some enterprising individual has probably added the ip generation scheme to his/her own smb connect worm.

    FanJ added this post on 3-04-2003 http://www.wilderssecurity.com/showthread.php?t=7735
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    Another possible cause for hammering port 445:
    http://www.wilderssecurity.com/showthread.php?t=7872

    Regards,

    Pieter
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.