Security Incidents mailing list archives

Re: Port 445 increase?

From: Brian Collins <bcollins () newnanutilities org>
Date: Tue, 04 Jun 2002 12:50:48 -0400

NetBIOS over TCP traditionally uses the following ports:

nbname 137/UDP
nbname 137/TCP
nbdatagram 138/UDP
nbsession 139/TCP

Direct hosted "NetBIOS-less" SMB traffic uses the following port:

MICROSOFT-DS 445/TCP
MICROSOFT-DS 445/UDP
Looks like you're being scanned for open shares (the usual), but thescanner/worm/potential intruder now knows about "NeBIOS-less" SMB trafficport too.
This could be a DoS Attack on port 445 too, seehttp://www.vnunet.com/News/1131065but i doubt that since you said It was followed by nbname lookup, so It'sprobably looking for openshares.


And, if I remember correctly, port 445 is specifically related to Win2k and XP.


Brian Collins
Systems Administrator
Newnan Utilities


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.

For more information on this free incident handling, managementand tracking system please see: http://aris.securityfocus.com

Current thread:

Port 445 increase? Mike Hrubes (Jun 03)
- Re: Port 445 increase? Baribault, Gary (Jun 04)
- <Possible follow-ups>
- RE: Port 445 increase? Jim Harrison (SPG) (Jun 04)
- Re: Port 445 increase? Muhammad Faisal Rauf Danka (Jun 04)
  - Re: Port 445 increase? Brian Collins (Jun 04)
- Re: Port 445 increase? Eric Monti (Jun 06)
  - Re: Port 445 increase? Daniel Polombo (Jun 06)