Random connections on SMB

Are you receiving random connections on SMB that you can't explain? It may be Microsoft Advanced Threat Analytics searching your network.

Updated over 10 months ago

Some SecurityHive customers reported detections on their SMB sensors at random times. After investigating this issue together with a customer, we discovered that Microsoft Advanced Threat Analytics may be searching your network.

Microsoft's software requires port 445 to be open on devices. It will ping the ports and gather information when possible. This may also trigger your Honeypot.

Exclude the Honeypot from the software or whitelist the source in the SecurityHive Portal. Note that whitelisting can make your Honeypot blind to an attacker who uses the same source IP and port.
