Port 445 issues (was: Port 80 Issues)

Johannes Ullrich jullrich at euclidian.com
Sun Mar 9 22:41:07 UTC 2003



> Are other people having problems with this right now?  
> There doesn't seem to be very much traffic or information about this on any of 
> the security lists (it is Sunday...).  
> The last posted URL points to an impending storm...
> 
> Other operators' opinions about blocking port 445 before this thing starts 
> spreading faster than it already is?

IMHO, this is similar in impact to Opaserv. As an ISP, I would probably block
445 just to avoid having lots of people call Monday morning complaining about
slow connections after they got infected. This worm is unlikely to cause
major 'global' network slowdowns, so filtering further upstream probably does
not make too much sense.

The main 'facts' so far:
- this virus does attempt to exploit weak passwords, not just open / no password
shares
- there are some reports that this worm has a VNC or IRC backdoor component,
which opens the infected machines to future exploits.
- port 445 has gotten a lot of attention from the malware community recently.
So there are likely further exploits in the works.



> > http://isc.incidents.org/port_details.html?port=445
> 
> 


-- 
--------------------------------------------------------------------
jullrich at euclidian.com             Collaborative Intrusion Detection
                                         join http://www.dshield.org


