Threat Level: green Handler on Duty: Daniel Wesemann

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Exploit available for MS05-011, Rumored spikes in 445 scanning

Published: 2005-06-23
Last Updated: 2005-06-24 20:17:19 UTC
by Mike Poor (Version: 1)
0 comment(s)
Exploit available for MS05-011, Rumored spikes in 445 scanning

FrSIRT has published exploit code for the recent flaw in Microsoft Server Message Block (SMB). The advisory and patch related to this vulnerability were released on February 8th, 2005.

If you still have not patched, you are further urged to do so in light of the release of exploit code.

<don_your_tinfoil_hat>
Spike in 445?

There has been much media attention in the past two days to the report by Gartner that there has been a massive spike in scanning for TCP port 445.

http://www.eweek.com/article2/0,1759,1830698,00.asp
http://www.vnunet.com/vnunet/news/2138515/mass-hack-attacks-targets-port

</don_your_tinfoil_hat>

There was a spike around the 13th of May, but nothing out of the ordinary is showing on the Dshield data.

http://isc.sans.org/port_details.php?port=445&days=70

If you have noticed a recent spike in activity, please report it to the ISC.

Mike Poor

moc.snaidraugletni@ekim
Keywords:
0 comment(s)
Diary Archives