On Monday 18 October 2004 15:51, Lee Duynslager wrote:
> Has anybody out there been seeing scans of port 445 from machines on
> campus?
>
> Oct 17 13:52:37 myhostname [2370]: attackalert: TCP SYN/Normal scan from
> host: haydn.cse.msu.edu/35.9.26.157 to TCP port: 445
>
> From what I understand this is an attempt to test for then exploit
> avulnerability.
>
> 1. Anybody know the specifics on this?
>
> 2. Isn't scanning other departments machines without their consent
> against Acceptable Use Policy?
>
> Lee Duynslager
Well, yes it is, but we're dealing with zombied machines, not humans.
This doesn't make it right, but it does mean that there can be hundreds
to thousands of them out there.
There are a LOT of things that scan on port 445, so there isn't any one
or two exploits out there that cause this. Me, I'd try to contact the person
responsible for the machines and let them know that they have compromised
machines in all likelyhood.
The number of zombied WIndows machines out in the world is a big
problem.
--STeve Andre'
|