On Dec 11, 2006, at 3:09 PM, Greg 'groggy' Lehey wrote:
On Monday, 11 December 2006 at 11:06:12 -0800, Chuck Swiger wrote:
On Dec 11, 2006, at 10:43 AM, [EMAIL PROTECTED] wrote:
What is microsoft-ds port #445?
Mildly off-topic for this list, but it's used by directory-services,
aka "Active Directory"....
I don't know that it's that off-topic.
A question which is independent of which OS you might use may still
be relevant to a FreeBSD mailing list, but it does not seem to be
highly relevant. A security list such as BugTraq or firewall-wizards
is likely to provide more specific details or feedback about bursts
of malware traffic on a particular port than freebsd-questions will...
I don't use Microsoft, but people bombard me with packets on port 445.
Agreed-- it is certainly true that port 445 experiences lots of
malicious probes.
I run a honeynet which gets between 500 and 1000 connection requests
per day per IP on port 445; a histogram of TCP traffic over the past
week suggests it is the most commonly targeted port, closely followed
by 139/tcp:
# count / port
59676 445
58527 139
1043 9988
383 80
357 135
285 22
223 5900
214 1433
182 4899
144 1080
Of course, the way to find this out is:
$ grep 445 /etc/services
microsoft-ds 445/tcp
microsoft-ds 445/udp
It seems likely that the original poster had gotten this far, judging
from the question above. :-)
Dear [EMAIL PROTECTED]: port 445/tcp is used to wrap a bunch of services
that used to run over the NetBIOS/NetBEUI protocol, such as "domain
browse lists", "network neighborhood", and CIFS/SMB services (ie,
what Samba provides, workgroups, filesharing, user authentication)--
in short, "directory services".
--
-Chuck
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
