Class:
TCP445 class (sources) -- PT Dataset (from Jan to Jun, 2012)
Filtering rules:
TCP, SYN, dstPort=445
Description:
Sources sending SYN packets to TCP Port 445. Related to machines infected with SMB-addressed stealth malware and worms — like Conficker — as well as attackers directly probing or scanning the network to exploit SMB (Server Message Block) vulnerabilities.