Summary (Bottom Line Up Front)
IP address 90.151.105.34 conducted low-volume SMB reconnaissance activity on March 4, 2026, targeting network infrastructure with 30 events over a 4-minute window. This activity represents low-priority automated scanning with no immediate exploitation attempts observed. Network defenders should monitor for escalation while implementing standard SMB hardening measures.
Activity Timeline
INITIAL REPORT2026-03-15T09:47:56Z
Source: Analyst Manual Entry
IP address 90.151.105.34 conducted low-volume SMB reconnaissance activity on March 4, 2026, targeting network infrastructure with 30 events over a 4-minute window. This activity represents low-priority automated scanning with no immediate exploitation attempts observed. Network defenders should monitor for escalation while implementing standard SMB hardening measures.
Technical details
Attack Vector: SMB-focused reconnaissance targeting TCP services
Volume: 30 events concentrated within 4-minute timeframe (03:00-04:00 UTC)
MITRE Technique: T1046 (Network Service Scanning)
Kill Chain Phase: Reconnaissance
Key Patterns: SMB1 protocol detection attempts and legacy SMB usage probing
Threat Level: LOW (85% confidence)
IOCs: 90.151.105.34 (source IP)
IOCs
IP:90.151.105.34
Recommendations
- Monitor network logs for follow-up activity from 90.151.105.34 and implement temporary rate limiting if scanning persists
- Disable SMB1 protocol across all Windows systems and network shares to reduce attack surface
- Verify SMB signing is enabled and enforce encrypted SMB connections where operationally feasible
- Review firewall rules to ensure SMB ports (445, 139) are not unnecessarily exposed to external networks
- Implement network segmentation to limit SMB service accessibility to authorized systems only