Mailinglist Archive: opensuse-security (465 mails)

< Previous Next >
Re: [suse-security] port 445
  • From: Ralf Koch <info@xxxxxxxxxx>
  • Date: Mon, 3 Dec 2001 09:52:13 +0100
  • Message-id: <PM-DB.20011203095213.45802.1.1D@xxxxxxxxxxxxx>
Hi Spiekey,

Port 445 is owned by a file sharing service on Win2k hosts. Earlier this
year there was a guy using this port and weak passwords on some MS
peripheral servers to gain access to the whole MS network:
http://www.newsbytes.com/news/01/169408.html

Furthermore some samba servers, especially samba-tng, use the 445 to
provide a PDC-similar service for Win2k/NT hosts. So if you're not
running a samba server on your firewall - btw: you should never do so! -
and therefore port 445 is closed on your system, you don't have to worry
about.

Hope that helped.

Cheers,

Ralf

>Hello!
>
>I am using logcheck and portsentry.
>I read that port 445 is something from smb and not really a reason to
>worry
>about, but well, its a external ip which wanted to "do" something.
>Something to worry about?
>
>Active System Attack Alerts
>=-=-=-=-=-=-=-=-=-=-=-=-=-=
>Dec 3 01:43:47 suse portsentry[5576]: attackalert: TCP SYN/Normal scan
>from
>host: pD951A6F2.dip.t-dialin.net/217.81.166.242 to TCP port: 445
>Dec 3 01:43:47 suse portsentry[5576]: attackalert: Host 217.81.166.242
>has
>been blocked via wrappers with string: "ALL: 217.81.166.242"
>
>Thanks!
>Spiekey
>
>
>--
>To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
>For additional commands, e-mail: suse-security-help@xxxxxxxx
>
>


< Previous Next >
References