Monday, June 21, 2021

Analysts Warn of Possible TCP Port Attack

Analysts are warning of a possible TCP Port attack after detecting a surge in sniffing on Port 445, which is the port associated with a recently patched Microsoft flaw.

Gartner, Inc., a major industry analyst firm based in Stamford, Conn., has issued an alert, saying the increased scanning activity may signal an impending malicious code attack exploiting a critical Windows vulnerability.

The flaw was connected to the Microsoft Windows Server Message Block (SMB) Protocol, which is associated with Port 445. The port could be used to exploit the Microsoft Incoming SMB Packet Validation Remote Buffer Overflow Vulnerability (MSO5-27). A patch for the bug was released on June 14.

”The Port 445 activity may indicate that — in the week since Microsoft released the Windows patch — attacks have reached the fourth state in this process and may be preparing a mass attack, employing the widely used SMB protocol,” Gartner analysts warned in a written statement.

The analysts note that launching a mass attack is generally a five-state process. First, a vulnerability is identified and a patch is released. Then attackers use the patch to reverse engineer the vulnerability. After that, exploit code is developed and circulated on the Internet, and then attackers scan to find vulnerable systems. The last step actually is launching an attack.

A spokesperson for Symantec Corp., an anti-virus and anti-spam company, says researchers at Symantec’s DeepSight Network detected the surge in sniffing last week. In the last several days, the surge has started to drop off, however.

Windows 2000 and Windows XP use TCP Port 445 to run SMB directly over TCP/IP to manage activities such as file sharing and communication between computers.

Analysts are advising users to make sure that all flaws are patched.

Similar articles

Latest Articles

3 AI Implementations That...

I was on a joint educational call for the World Talent Economic Economic forum on mobile computing this week. We drifted to topics that...

Survey of Site Reliability...

NEW YORK — Site reliability engineers (SREs) are warning of a looming scalability ceiling and saying the adoption of AIOps isn’t happening at a...

Druva Integrates sfApex to...

SUNNYVALE, Calif. — A maker of software for cloud data protection and management is helping companies safeguard essential customer data that their sales and...

Best Data Science Tools...

Data science has transformed our world. The ability to extract insights from enormous sets of structured and unstructured data has revolutionized numerous fields —...