Mailinglist Archive: opensuse-security (465 mails)

< Previous Next >
Re: [suse-security] port 445
  • From: Ralf Koch <info@xxxxxxxxxx>
  • Date: Mon, 3 Dec 2001 09:52:13 +0100
  • Message-id: <PM-DB.20011203095213.45802.1.1D@xxxxxxxxxxxxx>
Hi Spiekey,

Port 445 is owned by a file sharing service on Win2k hosts. Earlier this
year there was a guy using this port and weak passwords on some MS
peripheral servers to gain access to the whole MS network:

Furthermore some samba servers, especially samba-tng, use the 445 to
provide a PDC-similar service for Win2k/NT hosts. So if you're not
running a samba server on your firewall - btw: you should never do so! -
and therefore port 445 is closed on your system, you don't have to worry

Hope that helped.



>I am using logcheck and portsentry.
>I read that port 445 is something from smb and not really a reason to
>about, but well, its a external ip which wanted to "do" something.
>Something to worry about?
>Active System Attack Alerts
>Dec 3 01:43:47 suse portsentry[5576]: attackalert: TCP SYN/Normal scan
>host: to TCP port: 445
>Dec 3 01:43:47 suse portsentry[5576]: attackalert: Host
>been blocked via wrappers with string: "ALL:"
>To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
>For additional commands, e-mail: suse-security-help@xxxxxxxx

< Previous Next >