Re: ISP keeps connecting to my port 445

From: Copelandia Cyanescens (synesthesia_at_ix02x67invalid.net)
Date: 09/27/04

• Next message: 0x: "Re: ZoneAlarm Pro looses Settings"
• Previous message: joun: "Re: A good firewall for a win2k3 server?"
• In reply to: Madhur Ahuja: "ISP keeps connecting to my port 445"
• Next in thread: Madhur Ahuja: "Re: ISP keeps connecting to my port 445"
• Reply: Madhur Ahuja: "Re: ISP keeps connecting to my port 445"
• Reply: GJ: "Re: ISP keeps connecting to my port 445"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Mon, 27 Sep 2004 17:42:19 +0000

Madhur Ahuja wrote...

> Hello
>
> Whenever I connect to my ISP *Reliance India Ltd.*, I keep getting incoming
> connections for port 445 from one of their computers, which my firewall
> obviously drops. I need to know whether I should do something about this or
> this is normal.

It's not "normal". Port 445 is Win 2K/XP file sharing, but it is a
direct TCP/IP connection rather than NETBIOS... a nit pick. There is no
valid reason an ISP might automatically scan this port that I can see,
outside of some attempt to detect machines on their network that have
been or could be compromised. It may be they've had a problem and are
doing just that, but it would seem a little odd to me because known
viruses like Korgo that use this service to spread do so from other
ports *to* port 445 as far as I'm aware. I may be mistaken, and it may
vary from one virus/variant to another. Scanning remote port 445 may
tell them who is vulnerable, but not who is infected if my memory is not
faulty...???

I would contact Reliance India. They may be able to offer a valid
explanation. They may also have a machine(s) infected with something
like Korgo and not know it. You should block the traffic regardless,
which as you say your firewall already does. :)

-- 
Are you sure there are no hidden cameras up there?
                        -- Arizona Rep. Don Kinney

---

• Next message: 0x: "Re: ZoneAlarm Pro looses Settings"
• Previous message: joun: "Re: A good firewall for a win2k3 server?"
• In reply to: Madhur Ahuja: "ISP keeps connecting to my port 445"
• Next in thread: Madhur Ahuja: "Re: ISP keeps connecting to my port 445"
• Reply: Madhur Ahuja: "Re: ISP keeps connecting to my port 445"
• Reply: GJ: "Re: ISP keeps connecting to my port 445"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages RE: FTP Window of opportunity? ... does it seemingly accept the connections and drop them once the response ... Subject: FTP Window of opportunity? ... blocked by the firewall. ... the FTP port shows up. ... (Pen-Test) Re: keeping ports open ... If a port is open, it means that 1) a software or service is running on your ... and 2) you're not using a firewall or your firewall isn't ... Use firewall software and hardware and antivirus software that is ... Follow the instructions for hardening Windows and IIS at ... (microsoft.public.security) RE: an error in the NMAP docs? ... normal "non-passive" FTP connections create a connection FROM the server ... FROM port 20 back to an ephemeral port on the client for data transfers. ... "Many naive firewall and packet filter installations make an exception ... Earn your MS in Information Security ONLINE ... (Security-Basics) Re: How to Maintain an IIS Server? ... > server running on a Windows 2000 server. ... before a firewall and antivirus have been installed]. ... open ports; however, this will not identify which program is using the port. ... (microsoft.public.inetserver.iis.security) Re: CEICW fails at firewall config ... ISA Server prevents connection to a remote desktop when you connect through ... Remote Web Workplace on a Windows Small Business Server 2003-based computer ... Acceleration Server as a firewall. ... connection uses TCP port 4125. ... (microsoft.public.windows.server.sbs)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(12)