port 445
Gerald Combs
gerald at ethereal.com
Mon Aug 11 14:59:13 CDT 2003
On Sun, 10 Aug 2003, Kurt wrote:
> while chekcing my logs, i see that im getting hit on
> 445 ALOT. these are all coming from different ip's
> though. i've done a little research, this is
> apparently a DoS attack? or is it maybe someone
> scaning for this microsoft ds? they seem to be at
> intervals anywhere from 3 to 20 minutes apart. they
> are all blocked, but i was curious. is there some worm
> going around or something?
Port 445 is used for SMB (Microsoft's file and print sharing) directly
over TCP. It was added with Windows 2000. Previously, Windows used
SMB-over-NetBIOS-over-TCP, which used ports 137, 138 and 139:
http://ntsecurity.nu/papers/port445/
According to a recent thread on the SecurityFocus Incidents mailing list,
there are several things that may be scanning the port:
http://www.securityfocus.com/archive/75/332514/2003-08-08/2003-08-14/1
More information about the Kclug
mailing list