
Heavy Port Activity May Indicate Hacker SMB Sniffing

Activity on one of the ports associated with Windows' Server Message Block (SMB) protocol is climbing, security giant Symantec said Friday, an indicator that hackers may be exploring a vulnerability Microsoft disclosed Tuesday.

Symantec's DeepSight network, a global collection of sensors that watch for and track developing threats, has noted a surge in activity targeting TCP port 445, which is associated with SMB-related communications on Windows machines.

"This may indicate an increase in known attacks, such as password brute forcing, or the exploitation of known vulnerabilities, or may indicate activity related to the recent Microsoft Incoming SMB Packet Validation Remote Buffer Overflow Vulnerability," said the DeepSight team in an advisory.

That vulnerability was one of the 12 patched earlier this week during Microsoft's monthly blast of security bulletins.

Microsoft advised users to block ports 139 and 445 as a temporary workaround until they could patch systems. "Blocking them at the firewall, both inbound and outbound, will help prevent systems that are behind that firewall from attempts to exploit this vulnerability," Microsoft said.
