Looking at the DSHIELD data for the port 445 Shows an interesting little trend. Reports showing 445 as the target port is down. Something that is also observed by some readers in their various darknets. Ports showing 445 as the source however is way up. If you are seeing this or have some packets, please send them through. For the packets, I'm interested especially in the source port 445 traffic. Mark H Update Quite number of people have reported a similar drop in their stats for 445 as the target port, but no real explanations just yet. Likely to be confiker related, but that's speculation at the moment.
|
Mark 391 Posts ISC Handler Mar 6th 2009 |
Thread locked Subscribe |
Mar 6th 2009 1 decade ago |
Hello World!
TCPView is a Windows program that will show you detailed listings of all TCP and UDP endpoints on your system. Useful Links: http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx http://download.sysinternals.com/Files/TcpView.zip |
Anonymous |
Quote |
Mar 6th 2009 1 decade ago |
Looks like the same rise in port 445 sources happened almost exactly a year ago. I'd check for previous years, but I don't want to taunt the poor little app.
|
Ron 4 Posts |
Quote |
Mar 6th 2009 1 decade ago |
Not seeing the same thing last year, but willing to be wrong. Which dates did you use?
|
Mark 391 Posts ISC Handler |
Quote |
Mar 6th 2009 1 decade ago |
Hmm.. All I did was change the start year to 2008, and hit submit (start/end dates become Feb 5 2008 - Mar 7 2009). It shows a similar ramp-up and sudden drop.
Looking at it again, and playing around with the dates a bit more, the ramp disappears. Probably an artifact of the sample rate. Sorry for the false alarm. |
Ron 4 Posts |
Quote |
Mar 7th 2009 1 decade ago |
my #1 destination port across all my firewalls (multiple class C's) is by FAR tcp 445. i have yet to capture some of traffic, but the sources appear to be coming from all over. i have been waiting for someone else to see this spike. :)
|
Anonymous |
Quote |
Mar 10th 2009 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!