|
Oliver > > yesterday, we had some strange netbios TCP/IP connections on > > our AS/400's (both of them). > > A PC from a remote WAN location was connecting on port 445 to > > internal ip-addresses of our > > 810 and 820. Here's some more info; "port 445 is also an attack vector for RPC-DCOM and 445 is only found on 2k/ xp / 2k3 as well. As a side note, ASP running on IIS links to dcom functions, and port 80 is also another vector. With the prevelance of the dcom exploit, i imagine the port 445 scan is a side affect of routine exploit fingerprinting from would-be attackers." And "We've been seeing increased activity from Randex.D worm infections, which generated similar types of scan patterns: http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.d.html"; --phil
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
