Introduction

This report identifies hosts that have an SMB instance running on port 445/TCP that accessible on the internet. This service should not be exposed to the internet.

Fields

Field Description
timestamp Time that the IP was probed in UTC+0
ip The IP address of the device in question
protocol Protocol that the response came on (always TCP)
port Port that the response came from (445/TCP)
hostname Reverse DNS name of the device in question
tag Will always be smb
asn ASN of where the device in question resides
geo Country where the device in question resides
region State / Province / Administrative region where the device in question resides
city City in which the device in question resides
naics North American Industry Classification System Code
sic Standard Industrial Classification System Code
smb_implant Indicates if an smb-implant is present (Y/N)
arch If an smb-implant is present, indicates if the system architecture is 32-bit (x86) or 64-bit (x64)
key If an smb-implant is present, indicates the crypto key

Sample

"timestamp","ip","protocol","port","hostname","tag","asn","geo","region","city","naics","sic","smb_implant","arch","key"

<< | Reports | >>