Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: Exploit available for MS05-011, Rumored spikes in 445 scanning - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Exploit available for MS05-011, Rumored spikes in 445 scanning
Exploit available for MS05-011, Rumored spikes in 445 scanning

FrSIRT has published exploit code for the recent flaw in Microsoft Server Message Block (SMB). The advisory and patch related to this vulnerability were released on February 8th, 2005.

If you still have not patched, you are further urged to do so in light of the release of exploit code.

<don_your_tinfoil_hat>
Spike in 445?

There has been much media attention in the past two days to the report by Gartner that there has been a massive spike in scanning for TCP port 445.

http://www.eweek.com/article2/0,1759,1830698,00.asp
http://www.vnunet.com/vnunet/news/2138515/mass-hack-attacks-targets-port

</don_your_tinfoil_hat>

There was a spike around the 13th of May, but nothing out of the ordinary is showing on the Dshield data.

http://isc.sans.org/port_details.php?port=445&days=70

If you have noticed a recent spike in activity, please report it to the ISC.

Mike Poor

moc.snaidraugletni@ekim
Mike

49 Posts

Sign Up for Free or Log In to start participating in the conversation!