Sniffing of TCP Port Could Herald Attack, Gartner Says
Targeted port is tied to patched Microsoft protocol
Computerworld - An increase in sniffing activity on a communications port associated with a software vulnerability disclosed by Microsoft Corp. this month may be the signal of an impending attack designed to exploit the flaw, according to an alert from Gartner Inc.
The remote code-execution vulnerability affects the Windows Server Message Block (SMB) file-sharing protocol. In its monthly patch release two weeks ago, Microsoft gave the SMB hole a "critical" severity rating because attackers could use it to take control of unprotected systems.
Gartner analyst John Pescatore said in an alert posted on the consulting firm's Web site last Tuesday that the increased sniffing detected on TCP Port 445 poses "a serious concern for enterprise security managers, because it may indicate an impending mass malicious-code attack." The sniffing activity indicates that attackers may have reverse-engineered Microsoft's SMB patch, developed exploit code and circulated it on the Internet, Pescatore said.
Monitors at Symantec Corp. also spotted the increased activity on Port 445, but they downplayed any immediate threat to corporate systems.
Alfred Huger, senior director of engineering at Symantec, said the Cupertino, Calif.-based company noticed a "significant spike" in sniffing on June 17. Since then, though, activity levels have gone back to normal, according to Huger.
"Activity targeting Port 455 is very common. It's almost like background noise," Huger said. He added that the spike probably indicated an attempt to find vulnerable systems. "The good news is that the vast majority of enterprises don't allow access to this port," he said. Companies that have installed Windows XP Service Pack 2 should already be protected because that version of the operating system closes off access to Port 445 by default, Huger said.
Pescatore said companies need to accelerate system patching, implement recommended work-arounds and ensure that access to Port 445 is blocked where possible. It's also a good idea to update both network and host-based intrusion-prevention filters to deal with the threat, he said.
A Microsoft spokeswoman said the software vendor is aware of public reports about increased sniffing on Port 445. But it doesn't necessarily relate to the SMB flaw, she said. "Port scanning is an activity that may be indicative of an attempt to discover attack vectors against any vendor product and is not an activity unique to Microsoft products," the spokeswoman said. She added that Microsoft had yet to receive any reports of the flaw being exploited.