Re: ISP keeps connecting to my port 445

From: GJ (utwente_news_at_mercurius.kabel.utwente.nl)
Date: 09/28/04

• Next message: GJ: "Re: ISP keeps connecting to my port 445"
• Previous message: Khaled: "Re: ISP keeps connecting to my port 445"
• In reply to: Madhur Ahuja: "ISP keeps connecting to my port 445"
• Next in thread: Maxime Ducharme: "Re: ISP keeps connecting to my port 445"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Tue, 28 Sep 2004 00:50:38 +0200

Madhur Ahuja wrote:

> Hello
>
> Whenever I connect to my ISP *Reliance India Ltd.*, I keep getting incoming
> connections for port 445 from one of their computers, which my firewall
> obviously drops. I need to know whether I should do something about this or
> this is normal.

Probably one of the customers computers of your isp is hacked. Drop or
deny all connections to port 445 in your firewall, just like ports 135
and 137, 138, 139 (these are also used for windows files sharing or
samba and are often vulnerable).

> I think port 445 is used by Netbios, are they looking my computer for the
> shared folers?. Should I drop those connections or just deny them.

TCP 445 is used by microsoft DS (SMB over TCP) and that means file
sharing over TCP (not netbios). Many ISP's block this port (just like
135,137,138,139) on their routers. Just setup your firewall to block
these connections. If you use a local network and want to be able to use
file sharing, setup your firewall to allow only connections to these
ports from trusted computers (ie computers connected to your lan).

The mentioned GRC test is not always a good site to make conclusions.
Use different sites like for example symantec's scan.

GJ

---

• Next message: GJ: "Re: ISP keeps connecting to my port 445"
• Previous message: Khaled: "Re: ISP keeps connecting to my port 445"
• In reply to: Madhur Ahuja: "ISP keeps connecting to my port 445"
• Next in thread: Maxime Ducharme: "Re: ISP keeps connecting to my port 445"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages RE: FTP Window of opportunity? ... does it seemingly accept the connections and drop them once the response ... Subject: FTP Window of opportunity? ... blocked by the firewall. ... the FTP port shows up. ... (Pen-Test) RE: an error in the NMAP docs? ... normal "non-passive" FTP connections create a connection FROM the server ... FROM port 20 back to an ephemeral port on the client for data transfers. ... "Many naive firewall and packet filter installations make an exception ... Earn your MS in Information Security ONLINE ... (Security-Basics) Re: Remote Desktop failing acces from the internet ... You may want to try NAT one to one on port 3389. ... I'm trying to help a friend of mine with the following problem: Remote Desktop cannot access computers from the Internet. ... The only strange thing I have noticed is that the network admin has enforced some group policies on the computers belonging to the domain; as a result some exceptions on the firewall, the firewall service itself, plus some other domain-controlled services aren't modifiable. ... (microsoft.public.windowsxp.work_remotely) Re: Firewalls: whats the use? ... > local connections and it is not possible to connect to it from the ... > Since it is a web server I obviously need to allow traffic from anyone ... > to port 80. ... The basic thing that a firewall does is limit what you have to worry about. ... (comp.os.linux.security) Re: Help with undetectable Worm?! ... Yesterday i noticed a ton of firewall connections coming from 7 ... Issuing 1 byte TCP Keep Alive requests from port 1911 to port 135 on ... he told me to call my SysAdmin and then to ... (microsoft.public.windowsxp.help_and_support)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(12)