
TCP 445 Scan?

From: Charles Hamby <fixer(at)gci.net>
Date: Thu Feb 27 2003 - 13:25:29 EST

Morning/Afternoon All,

Has anyone else recently been pegged with a large number of distributed TCP 445 scans over a short amount of time (within a few minutes)? A couple of days ago I was hit by roughly 60+ scans in a short amount of time; when I waded through it, it wound up being about 45 unique IP addresses all looking for TCP 445. Below is an excerpt from my firewall log (Netscreen). Has anyone else been seeing these sorts of scans lately? I've only seen the one scan, so I haven't had a chance to capture any more traffic.

-CDH

2003-2-23 23:05:52 Deny  213.51.247.114->W.X.Y.Z  0 sec TCP PORT 445
2003-2-23 23:05:49 Deny  213.51.247.114->W.X.Y.Z  0 sec TCP PORT 445
2003-2-23 23:05:36 Deny  213.51.21.143->W.X.Y.Z   0 sec TCP PORT 445
2003-2-23 23:05:33 Deny  213.51.21.143->W.X.Y.Z   0 sec TCP PORT 445
2003-2-23 23:05:30 Deny  12.242.204.86->W.X.Y.Z   0 sec TCP PORT 445
2003-2-23 23:05:27 Deny  12.242.204.86->W.X.Y.Z   0 sec TCP PORT 445
2003-2-23 23:05:23 Deny  62.253.118.133->W.X.Y.Z  0 sec TCP PORT 445
2003-2-23 23:05:21 Deny  65.163.177.202->W.X.Y.Z  0 sec TCP PORT 445
2003-2-23 23:05:20 Deny  62.253.118.133->W.X.Y.Z  0 sec TCP PORT 445
2003-2-23 23:05:19 Deny  217.1.167.84->W.X.Y.Z 	  0 sec TCP PORT 445
2003-2-23 23:05:18 Deny  65.163.177.202->W.X.Y.Z  0 sec TCP PORT 445
2003-2-23 23:05:18 Deny  12.231.241.129->W.X.Y.Z  0 sec TCP PORT 445
2003-2-23 23:05:18 Deny  24.66.39.214->W.X.Y.Z 	  0 sec TCP PORT 445
2003-2-23 23:05:17 Deny  12.229.115.40->W.X.Y.Z   0 sec TCP PORT 445
2003-2-23 23:05:16 Deny  62.190.172.203->W.X.Y.Z  0 sec TCP PORT 445
2003-2-23 23:05:16 Deny  217.1.167.84->W.X.Y.Z 	  0 sec TCP PORT 445
2003-2-23 23:05:16 Deny  217.162.202.177->W.X.Y.Z 0 sec TCP PORT 445
2003-2-23 23:05:16 Deny  217.162.183.155->W.X.Y.Z 0 sec TCP PORT 445
2003-2-23 23:05:15 Deny  12.231.241.129->W.X.Y.Z  0 sec TCP PORT 445
2003-2-23 23:05:15 Deny  24.66.39.214->W.X.Y.Z 	  0 sec TCP PORT 445
2003-2-23 23:05:14 Deny  141.153.232.196->W.X.Y.Z 0 sec TCP PORT 445
2003-2-23 23:05:14 Deny  12.229.115.40->W.X.Y.Z   0 sec TCP PORT 445
2003-2-23 23:05:14 Deny  12.231.161.15->W.X.Y.Z   0 sec TCP PORT 445
2003-2-23 23:05:13 Deny  217.162.7.16->W.X.Y.Z 	  0 sec TCP PORT 445
2003-2-23 23:05:13 Deny  62.190.172.203->W.X.Y.Z  0 sec TCP PORT 445
2003-2-23 23:05:13 Deny  12.242.250.247->W.X.Y.Z  0 sec TCP PORT 445
2003-2-23 23:05:13 Deny  217.162.202.177->W.X.Y.Z 0 sec TCP PORT 445
----------------------------------------------------------------------------

Received on Tue Mar 4 10:42:56 2003
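
A way to spot this pattern in deny logs of the layout quoted above, as an added example that is not part of the original post: it counts distinct sources per destination port inside a sliding time window. The 5-minute window, the 4-source threshold and the function names are assumptions, and the sample lines are constructed using documentation address ranges.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches the deny-line layout shown in the excerpt above.
LINE_RE = re.compile(
    r"(\d{4}-\d{1,2}-\d{1,2} \d{2}:\d{2}:\d{2})\s+Deny\s+"
    r"(\S+?)->(\S+)\s+\d+ sec\s+TCP PORT (\d+)")

# Constructed sample (not from the post); sources are RFC 5737 addresses.
SAMPLE_LOG = """\
2003-2-23 23:30:00 Deny  198.51.100.7->W.X.Y.Z  0 sec TCP PORT 445
2003-2-23 23:05:52 Deny  192.0.2.10->W.X.Y.Z  0 sec TCP PORT 445
2003-2-23 23:05:49 Deny  192.0.2.10->W.X.Y.Z  0 sec TCP PORT 445
2003-2-23 23:05:36 Deny  192.0.2.44->W.X.Y.Z  0 sec TCP PORT 445
2003-2-23 23:05:30 Deny  198.51.100.23->W.X.Y.Z  0 sec TCP PORT 445
2003-2-23 23:05:21 Deny  203.0.113.5->W.X.Y.Z  0 sec TCP PORT 445
2003-2-23 23:05:18 Deny  203.0.113.5->W.X.Y.Z  0 sec TCP PORT 445
2003-2-23 23:05:14 Deny  203.0.113.77->W.X.Y.Z  0 sec TCP PORT 445
2003-2-23 23:04:02 Deny  192.0.2.99->W.X.Y.Z  0 sec TCP PORT 80
"""

def parse(text):
    """Return sorted (timestamp, source, port) tuples; skip non-matching lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            events.append((ts, m.group(2), int(m.group(4))))
    return sorted(events)

def distributed_scans(events, window=timedelta(minutes=5), min_sources=4):
    """Map port -> (peak distinct sources in any window, total denies)."""
    by_port = defaultdict(list)
    for ts, src, port in events:
        by_port[port].append((ts, src))
    findings = {}
    for port, hits in by_port.items():
        best, start = 0, 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans <= `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            best = max(best, len({s for _, s in hits[start:end + 1]}))
        if best >= min_sources:  # many sources, one port, short time
            findings[port] = (best, len(hits))
    return findings

if __name__ == "__main__":
    print(distributed_scans(parse(SAMPLE_LOG)))
```

Retries from the same source a few seconds apart, as in the excerpt, count once toward the distinct-source total but still appear in the deny total.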

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:59 EDT

