On Monday 18 October 2004 15:51, Lee Duynslager wrote: > Has anybody out there been seeing scans of port 445 from machines on > campus? > > Oct 17 13:52:37 myhostname [2370]: attackalert: TCP SYN/Normal scan from > host: haydn.cse.msu.edu/35.9.26.157 to TCP port: 445 > > From what I understand this is an attempt to test for then exploit > avulnerability. > > 1. Anybody know the specifics on this? > > 2. Isn't scanning other departments machines without their consent > against Acceptable Use Policy? > > Lee Duynslager Well, yes it is, but we're dealing with zombied machines, not humans. This doesn't make it right, but it does mean that there can be hundreds to thousands of them out there. There are a LOT of things that scan on port 445, so there isn't any one or two exploits out there that cause this. Me, I'd try to contact the person responsible for the machines and let them know that they have compromised machines in all likelyhood. The number of zombied WIndows machines out in the world is a big problem. --STeve Andre'