class101
24-06-05, 17:06
src: http://www.eweek.com/article2/0,1759,1830698,00.asp
Mass TCP Port Attack Could Be Imminent, Analyst Warns
By Ryan Naraine
June 22, 2005
An ominous increase in sniffing activity on TCP Port 445 could signal an impending mass malicious code attack targeting a recently patched Microsoft vulnerability, according to a warning from security researchers.
ADVERTISEMENT Researchers at Symantec Corp.'s DeepSight Network have detected a surge in scans on Port 445, an indication that malicious hackers may have already created exploits for a flaw in Microsoft Corp.'s implementation of the SMB (Server Message Block) protocol.
In Windows 2000, Windows XP and Windows Server 2003, Microsoft uses TCP Port 445 to run SMB directly over TCP/IP to handle the sharing of files, printers, serial ports, and also to communicate between computers.
The vulnerability, which was rated "critical," was patched one week ago in Microsoft's MS05-027 bulletin, and the increased noise on that port could be the first sign that a password brute force attack is imminent, Symantec DeepSight warned.
A spokesperson for Microsoft's Security Response Center said the company was not aware of any active attempts to exploit the vulnerability.
"Port scanning is an activity that may be indicative of an attempt to discover attack vectors against any vendor product and is not an activity unique to Microsoft products," she added.
She said software engineers at Redmond would continue to analyze and monitor for any malicious activity but stressed that she was not aware of any customers being attacked via sniffing against TCP Port 445 and have not received any indication of malicious activity associated with MS05-027.
However, the company urged enterprise customers to apply the update and enable firewalls to block TCP Port 445 at the perimeter as a protection mechanism.
....
Mass TCP Port Attack Could Be Imminent, Analyst Warns
By Ryan Naraine
June 22, 2005
An ominous increase in sniffing activity on TCP Port 445 could signal an impending mass malicious code attack targeting a recently patched Microsoft vulnerability, according to a warning from security researchers.
ADVERTISEMENT Researchers at Symantec Corp.'s DeepSight Network have detected a surge in scans on Port 445, an indication that malicious hackers may have already created exploits for a flaw in Microsoft Corp.'s implementation of the SMB (Server Message Block) protocol.
In Windows 2000, Windows XP and Windows Server 2003, Microsoft uses TCP Port 445 to run SMB directly over TCP/IP to handle the sharing of files, printers, serial ports, and also to communicate between computers.
The vulnerability, which was rated "critical," was patched one week ago in Microsoft's MS05-027 bulletin, and the increased noise on that port could be the first sign that a password brute force attack is imminent, Symantec DeepSight warned.
A spokesperson for Microsoft's Security Response Center said the company was not aware of any active attempts to exploit the vulnerability.
"Port scanning is an activity that may be indicative of an attempt to discover attack vectors against any vendor product and is not an activity unique to Microsoft products," she added.
She said software engineers at Redmond would continue to analyze and monitor for any malicious activity but stressed that she was not aware of any customers being attacked via sniffing against TCP Port 445 and have not received any indication of malicious activity associated with MS05-027.
However, the company urged enterprise customers to apply the update and enable firewalls to block TCP Port 445 at the perimeter as a protection mechanism.
....