Security Incidents mailing list archives
Re: Port 445 increase?
From: Brian Collins <bcollins () newnanutilities org>
Date: Tue, 04 Jun 2002 12:50:48 -0400
NetBIOS over TCP traditionally uses the following ports: nbname 137/UDP nbname 137/TCP nbdatagram 138/UDP nbsession 139/TCP Direct hosted "NetBIOS-less" SMB traffic uses the following port: MICROSOFT-DS 445/TCP MICROSOFT-DS 445/UDPLooks like you're being scanned for open shares (the usual), but the scanner/worm/potential intruder now knows about "NeBIOS-less" SMB traffic port too.This could be a DoS Attack on port 445 too, see http://www.vnunet.com/News/1131065 but i doubt that since you said It was followed by nbname lookup, so It's probably looking for openshares.
And, if I remember correctly, port 445 is specifically related to Win2k and XP. Brian Collins Systems Administrator Newnan Utilities ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service.For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Port 445 increase? Mike Hrubes (Jun 03)
- Re: Port 445 increase? Baribault, Gary (Jun 04)
- <Possible follow-ups>
- RE: Port 445 increase? Jim Harrison (SPG) (Jun 04)
- Re: Port 445 increase? Muhammad Faisal Rauf Danka (Jun 04)
- Re: Port 445 increase? Brian Collins (Jun 04)
- Re: Port 445 increase? Eric Monti (Jun 06)
- Re: Port 445 increase? Daniel Polombo (Jun 06)