[76956] in North American Network Operators' Group
Re: TCP Syns to 445 and 11768
daemon@ATHENA.MIT.EDU (Gadi Evron)
Fri Jan 7 11:33:58 2005
Date: Fri, 07 Jan 2005 18:41:05 +0200
From: Gadi Evron <ge@linuxbox.org>
To: "Cheung, Rick" <Rick.Cheung@nextelpartners.com>
Cc: nanog@merit.edu
In-Reply-To: <9FF378E6E946B54EB34C5B06E23564D3013DACAB@mnmspmx1.nextelpartners.com>
Errors-To: owner-nanog-outgoing@merit.edu

Cheung, Rick wrote:
> Hi. Anyone notice an increase of TCP Syns to port 11768, and 445
> across random internet IPs? I googled the port, and found a similar posting
> here:
>
> http://www.trustedmatrix.org/portal/forum_viewtopic.php?7.954
>
> We located the source on our network, updated DATs, and
> WindowsUpdate hotfixes, but the problem persists.

445 is always active. Whether it's the million worms that scan for it,
kiddies, etc., you'll always see a ton of connections.

We have seen an increase this past month in tcp/445 activity, though. No
idea about 11768, but Google seems to be full of it.

Gadi.