{"id":2370,"date":"2005-06-22T00:00:00","date_gmt":"2005-06-22T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2005\/06\/22\/mass-tcp-port-attack-could-be-imminent-analyst-warns\/"},"modified":"2021-12-30T11:41:10","modified_gmt":"2021-12-30T11:41:10","slug":"mass-tcp-port-attack-could-be-imminent-analyst-warns","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2005\/06\/22\/mass-tcp-port-attack-could-be-imminent-analyst-warns\/","title":{"rendered":"Mass TCP Port Attack Could Be Imminent, Analyst Warns"},"content":{"rendered":"<p>An ominous increase in sniffing activity on TCP Port 445 could signal an impending mass malicious code attack targeting a recently patched Microsoft vulnerability, according to a warning from security researchers.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In Windows 2000, Windows XP and Windows Server 2003, Microsoft uses TCP Port 445 to run SMB directly over TCP\/IP to handle the sharing of files, printers, serial ports, and also to communicate between computers.<\/p>\n<p>She said software engineers at Redmond would continue to analyze and monitor for any malicious activity but stressed that she was not aware of any customers being attacked via sniffing against TCP Port 445 and have not received any indication of malicious activity associated with MS05-027.<\/p>\n<p>John Pescatore, VP of security research at Gartner Inc., said the reports of increased sniffing on Port 445 are a &#8220;serious concern for enterprise security managers&#8221; because such activity usually means a mass attack is imminent.<\/p>\n<p>&#8220;[Administrators must] immediately review all firewall policies (including those covering personal firewall software) to ensure that Port 445 access is blocked wherever possible [and] update all intrusion prevention system filters (both network- and host-based) to block attempts to exploit this vulnerability,&#8221; Pescatore added.<\/p>\n<p>http:\/\/www.eweek.com\/article2\/0,1759,1830698,00.asp?kc=EWRSS03119TX1K0000594<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13],"tags":[],"class_list":["post-2370","post","type-post","status-publish","format-standard","hentry","category-warnings"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2370","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=2370"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2370\/revisions"}],"predecessor-version":[{"id":4857,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2370\/revisions\/4857"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=2370"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=2370"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=2370"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}