In the past couple of months, I’ve been seeing increased scans coming from (what I think to be comprimised machines) in other buildings on campus. I informed the managers of the machines and the scans seemed to stop originating from the original ip addresses.
These two incidences could be related.
LD
From: Laurence Bates <[log in to unmask]">[log in to unmask]>
Reply-To: Laurence Bates <[log in to unmask]">[log in to unmask]>
Date: Tue, 8 Sep 2009 16:42:54 -0400
To: <[log in to unmask]">[log in to unmask]>
Subject: Re: [MSUNAG] Vista/2008/Windows 7 SMB2 BSOD 0Day
Isn’t TCP port 445 stopped at the MSU border? Stopping it between buildings could be a problem, especially for Mac users.
Laurence
From: MSU Network Administrators Group [mailto:[log in to unmask]] On Behalf Of l duynslager
Sent: Tuesday, September 08, 2009 4:19 PM
To: [log in to unmask]">[log in to unmask]
Subject: [MSUNAG] Vista/2008/Windows 7 SMB2 BSOD 0Day
I thought everybody on the list would like to see this.
http://isc.sans.org/diary.html?storyid=7093
LD