178.124.203.58

Summary (Bottom Line Up Front)

External IP 178.124.203.58 from Belarus conducted SMB reconnaissance using the deprecated SMBv1 protocol against non-standard ports during a 4-minute window within the 2026-02-28 17:00-18:00 UTC hour. This activity represents medium-risk reconnaissance that could precede exploitation attempts targeting SMB vulnerabilities. Network defenders should review SMB exposure and implement enhanced monitoring for legacy protocol usage.

SMB TCP TCP/SYN auto
Activity Timeline
INITIAL REPORT 2026-03-18T11:23:14Z
Source: Analyst Manual Entry
Technical details
Source: 178.124.203.58 (BELTELECOM AS6697, Lida, Belarus)
Activity Window: 2026-02-28 17:00-18:00 UTC (24 events over 4 minutes)
Protocols: SMBv1 protocol negotiation attempts
MITRE Technique: T1046 (Network Service Scanning)
Kill Chain Phase: Reconnaissance
Attack Pattern: SMB protocol scanning targeting non-standard port configurations
Notable Findings: Use of deprecated SMBv1 dialect vulnerable to critical exploits; targeting of unusual port 9001 suggests systematic reconnaissance or [REDACTED] interaction
IOCs
IP:178.124.203.58
ASN:6697
COUNTRY:BY
Recommendations
  • Audit and disable SMBv1 protocol across all network assets if not required for business operations
  • Implement network segmentation to restrict SMB traffic to authorized internal communications only
  • Deploy enhanced monitoring for SMB protocol usage, particularly legacy versions and non-standard port communications
  • Review firewall rules to ensure SMB ports (445, 139) are not exposed to external networks
  • Consider threat hunting for additional reconnaissance activity from Belarus-based infrastructure during the same timeframe