Hi Spiekey, Port 445 is owned by a file sharing service on Win2k hosts. Earlier this year there was a guy using this port and weak passwords on some MS peripheral servers to gain access to the whole MS network: http://www.newsbytes.com/news/01/169408.html Furthermore some samba servers, especially samba-tng, use the 445 to provide a PDC-similar service for Win2k/NT hosts. So if you're not running a samba server on your firewall - btw: you should never do so! - and therefore port 445 is closed on your system, you don't have to worry about. Hope that helped. Cheers, Ralf
Hello!
I am using logcheck and portsentry. I read that port 445 is something from smb and not really a reason to worry about, but well, its a external ip which wanted to "do" something. Something to worry about?
Active System Attack Alerts =-=-=-=-=-=-=-=-=-=-=-=-=-= Dec 3 01:43:47 suse portsentry[5576]: attackalert: TCP SYN/Normal scan from host: pD951A6F2.dip.t-dialin.net/217.81.166.242 to TCP port: 445 Dec 3 01:43:47 suse portsentry[5576]: attackalert: Host 217.81.166.242 has been blocked via wrappers with string: "ALL: 217.81.166.242"
Thanks! Spiekey
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com