
SANS ISC: TCP/UDP Port 139 Activity - SANS Internet Storm Center


Port Information
Protocol Service Name
udp netbios-ssn NETBIOS Session Service
tcp netbios-ssn NETBIOS Session Service
tcp SMBRelay [trojan] SMB Relay
tcp Sadmind [trojan] Sadmind
tcp Qaz [trojan] Qaz
tcp Network [trojan] Network
tcp Netlog [trojan] Netlog
tcp Msinit [trojan] Msinit
tcp GodMessageworm [trojan] God Message worm
tcp Chode [trojan] Chode
User Comments
Submitted By Date
Comment
Marcus H. Sachs, SANS Institute 2003-10-10 00:35:06
SANS Top-20 Entry: W5 Windows Remote Access Services
http://isc.sans.org/top20.html#w5

NETBIOS -- Unprotected Windows Networking Shares

Microsoft Windows provides a host machine with the ability to share files or folders across a network with other hosts through Windows network shares. The underlying mechanism of this feature is the Server Message Block (SMB) protocol, or the Common Internet File System (CIFS). These protocols permit a host to manipulate remote files just as if they were local.

Although this is a powerful and useful feature of Windows, improper configuration of network shares may expose critical system files or may provide a mechanism for a nefarious user or program to take full control of the host. One of the ways in which I-Worm.Klez.a-h (Klez Family) worm, Sircam virus (see CERT Advisory 2001-22) and Nimda worm (see CERT Advisory 2001-26) spread so rapidly in 2001 was by discovering unprotected network shares and placing copies of themselves in them. Many computer owners unknowingly open their systems to hackers when they try to improve convenience for co-workers and outside researchers by making their drives readable and writeable by network users. But when care is taken to ensure proper configuration of network shares, the risks of compromise can be adequately mitigated.
CVE Links
CVE # Description
CVE-1999-0182
CVE-2000-0347
CVE-2000-1081
CVE-2000-1082
CVE-2000-1083
CVE-2000-1084
CVE-2000-1085
CVE-2000-1086
CVE-2000-1087
CVE-2000-1088
CVE-2001-0542
CVE-2002-0642
CVE-2002-0724
CVE-2003-0201
CVE-2003-0533
CVE-2003-0812
CVE-2003-0813
CVE-2003-0818
CVE-2004-1154