Re: ISP keeps connecting to my port 445

From: GJ (no_at_mail.invalid)
Date: 09/28/04


Date: Tue, 28 Sep 2004 00:57:06 +0200

Copelandia Cyanescens wrote:

>>Whenever I connect to my ISP *Reliance India Ltd.*, I keep getting incoming
>>connections for port 445 from one of their computers, which my firewall
>>obviously drops. I need to know whether I should do something about this or
>>this is normal.
>
>
> It's not "normal". Port 445 is Win 2K/XP file sharing, but it is a
> direct TCP/IP connection rather than NETBIOS... a nit pick. There is no
> valid reason an ISP might automatically scan this port that I can see,
> outside of some attempt to detect machines on their network that have
> been or could be compromised. It may be they've had a problem and are
> doing just that, but it would seem a little odd to me because known
> viruses like Korgo that use this service to spread do so from other
> ports *to* port 445 as far as I'm aware. I may be mistaken, and it may
> vary from one virus/variant to another. Scanning remote port 445 may
> tell them who is vulnerable, but not who is infected if my memory is not
> faulty...???

I think an ISP would use a honeypot for checking customers. Then you
could also see by the type of connection and the data transferred if the
connecting computer is infected or not.

> I would contact Reliance India. They may be able to offer a valid
> explanation. They may also have a machine(s) infected with something
> like Korgo and not know it. You should block the traffic regardless,
> which as you say your firewall already does. :)
>
You can contact the ISP, but I think it's a waste of time. Often, you
don't even get a reply. Just look at what ports you need to have open,
and close the rest of them.

GJ


