What's up on Port 139?
It seems that we are experiencing a nice upswing on port 139.
The data for Sources, Targets and Reports shows all three are on the rise. There could be several possibilities for this. For starters, Microsoft released a patch for MS06-040 which was already being exploited in the wild (see the august patch status table for more details). There are also two worms that have been given a CME identifier that take advantage of MS06-040. However, both of these worms were given a CME number on August 14, so they have been around for a while and this upswing just started over the past couple of days. With that in mind, be sure that you are blocking port 139 and 445 if you can.
And if by chance you encounter anything interesting such as the malware or packet dump of the exploit, please let us know.
Comments