Mailinglist Archive: opensuse-security (465 mails)

Re: [suse-security] port 445
  • From: "Erwin Zierler -" <erwin.zierler@xxxxxxxxxxxx>
  • Date: Mon, 03 Dec 2001 10:01:23 +0100
  • Message-id: <3C0B3F63.5070402@xxxxxxxxxxxx>

I had portscans from which I reported to
abuse@xxxxxxxxxxxx They answered within 24 hours and wrote:

"The user will be detected and we'll give him a warning."

I am not using portsentry but iplog; the portscan was very obvious,
followed by an (unsuccessful) anon FTP connection attempt.
Typical script kiddy I guess.

To answer your question: check all your other logs for connection
attempts to all servers/daemons you run (just grep for the IP).
That should give you an idea what else happened.


spiekey wrote:


I am using logcheck and portsentry.
I read that port 445 is something from smb and not really a reason to worry
about, but well, it's an external IP which wanted to "do" something.
Something to worry about?

Active System Attack Alerts
Dec 3 01:43:47 suse portsentry[5576]: attackalert: TCP SYN/Normal scan from
host: to TCP port: 445
Dec 3 01:43:47 suse portsentry[5576]: attackalert: Host has
been blocked via wrappers with string: "ALL:"


Erwin Zierler | web- / host- / postmaster -
| erwin.zierler@xxxxxxxxxxxx / webmaster@xxxxxxxxxxxx
| Tel.: 0 5225 - 64325 Fax 99 Mobil: 0664 - 130 67 91
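
The "just grep for the IP" check suggested in the reply above, as an added example that is not part of the original mail: it matches the address as a whole token, so a search for one host does not also count its numeric neighbours, and it summarises hits per log file. The function names, log file names, sample log lines and the 192.0.2.x addresses are all constructed for the illustration.

```shell
#!/bin/sh
# Added example: list every log line that mentions one IPv4 address.
# A plain `grep 192.0.2.7` also hits 192.0.2.70, because "." is a regex
# wildcard and nothing anchors the ends of the address.

# ip_hits IP FILE...   prints "FILE:LINE" for each exact-address match
ip_hits() {
    ip=$1; shift
    # Escape the dots; forbid a digit or dot before and a digit after.
    pat=$(printf '%s' "$ip" | sed 's/\./\\./g')
    for f in "$@"; do
        [ -r "$f" ] || continue      # skip missing or unreadable logs
        grep -EH "(^|[^0-9.])${pat}([^0-9]|\$)" "$f" || true
    done
}

# ip_summary IP FILE...   prints "COUNT FILE" per log, busiest first
ip_summary() {
    ip_hits "$@" | cut -d: -f1 | sort | uniq -c | sort -rn |
        awk '{ print $1, $2 }'
}

# Constructed sample logs (addresses from the 192.0.2.0/24 documentation
# range; file names and daemon messages are made up for the demo).
LOGDIR=$(mktemp -d)
trap 'rm -rf "$LOGDIR"' EXIT
cat > "$LOGDIR/messages" <<'EOF'
Dec  3 01:43:47 suse portsentry[5576]: attackalert: TCP SYN/Normal scan from host: 192.0.2.7 to TCP port: 445
Dec  3 01:50:02 suse sshd[612]: connection from 192.0.2.70 port 4021
EOF
cat > "$LOGDIR/ftp.log" <<'EOF'
Dec  3 01:44:10 suse ftpd[5590]: connection from 192.0.2.7
Dec  3 01:44:12 suse ftpd[5590]: anonymous login refused from 192.0.2.7
EOF
cat > "$LOGDIR/mail.log" <<'EOF'
Dec  3 02:10:00 suse smtpd[700]: connect from 192.0.2.77
EOF

ip_summary 192.0.2.7 "$LOGDIR"/*    # which services did the scanner touch?
ip_hits    192.0.2.7 "$LOGDIR"/*    # the matching lines, in file order
```

Pass your own log files as the FILE arguments; compressed rotations have to be decompressed first.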
