Re: ISP keeps connecting to my port 445

From: Madhur Ahuja (ef_at_df.com)
Date: 09/27/04

• Next message: Kaptain Krunch: "Re: Linksys BEFSX41 vs D-Link DI-764"
• Previous message: nospam_at_nospam.com: "Re: https and ftp in za and or kerio"
• In reply to: Copelandia Cyanescens: "Re: ISP keeps connecting to my port 445"
• Next in thread: GJ: "Re: ISP keeps connecting to my port 445"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Tue, 28 Sep 2004 02:35:43 +0530

Copelandia Cyanescens <synesthesia@ix02x67invalid.net> wrote:
> Madhur Ahuja wrote...
>
>> Hello
>>
>> Whenever I connect to my ISP *Reliance India Ltd.*, I keep getting
>> incoming connections for port 445 from one of their computers, which
>> my firewall obviously drops. I need to know whether I should do
>> something about this or this is normal.
>
> It's not "normal". Port 445 is Win 2K/XP file sharing, but it is a
> direct TCP/IP connection rather than NETBIOS... a nit pick. There is
> no valid reason an ISP might automatically scan this port that I can
> see, outside of some attempt to detect machines on their network that
> have been or could be compromised. It may be they've had a problem
> and are doing just that, but it would seem a little odd to me because
> known viruses like Korgo that use this service to spread do so from
> other ports *to* port 445 as far as I'm aware. I may be mistaken, and
> it may vary from one virus/variant to another. Scanning remote port
> 445 may tell them who is vulnerable, but not who is infected if my
> memory is not faulty...???
>
> I would contact Reliance India. They may be able to offer a valid
> explanation. They may also have a machine(s) infected with something
> like Korgo and not know it. You should block the traffic regardless,
> which as you say your firewall already does. :)

Thanks for the input. I have sent a mail to my ISP, asking for an
explanation.

--
Madhur Ahuja [madhur<underscore>ahuja<at>yahoo<dot>com]
Homepage
http://madhur.netfirms.com

---

• Next message: Kaptain Krunch: "Re: Linksys BEFSX41 vs D-Link DI-764"
• Previous message: nospam_at_nospam.com: "Re: https and ftp in za and or kerio"
• In reply to: Copelandia Cyanescens: "Re: ISP keeps connecting to my port 445"
• Next in thread: GJ: "Re: ISP keeps connecting to my port 445"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: port forwarding, ssh, nat ... The ssh client, like all TCP clients, will use unpredictable port ... narrowed the problem down to my firewall, which only has 22, 67, 80, ... So long as incoming connections to port 22 are permitted, ... (comp.unix.bsd.freebsd.misc) Re: Redirecting a socket connection? ... > one port that the firewall will allow incoming connections on. ... Okay -- well, in that case it's perfectly possible. ... (microsoft.public.vc.mfc) Re: Redirecting a socket connection? ... one port that the firewall will allow incoming connections on. ... > out which web site responds to a given request. ... (microsoft.public.vc.mfc) Re: ISP keeps connecting to my port 445 ... > getting incoming connections for port 445 from one of their ... > computers, which my firewall obviously drops. ... I think port 445 is used by Netbios, ... (comp.security.firewalls) Re: keeping ports open ... If a port is open, it means that 1) a software or service is running on your ... and 2) you're not using a firewall or your firewall isn't ... Use firewall software and hardware and antivirus software that is ... Follow the instructions for hardening Windows and IIS at ... (microsoft.public.security)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(13)