Port 445 is used by the SMB protocol on Windows systems. Large volumes of unexpected traffic on TCP 445 are commonly associated with worms that exploit SMB vulnerabilities (such as WannaCry or NotPetya). Worms are self-replicating malware that spread rapidly across a network, consuming bandwidth, causing high latency, and often resulting in network outages. This matches the scenario given, where network unavailability and abnormal port 445 traffic are observed.
[References:, CompTIA Security+ SY0-701 Official Study Guide, Domain 2.1, "Malware Types: Worms", CompTIA Security+ Exam Objectives: 2.1, CompTIA Glossary: "Worm—A self-replicating malware that spreads across networks, often exploiting vulnerabilities such as those in SMB (TCP 445).", , , ]
Submit