On Dec 11, 2006, at 3:09 PM, Greg 'groggy' Lehey wrote:
On Monday, 11 December 2006 at 11:06:12 -0800, Chuck Swiger wrote:
On Dec 11, 2006, at 10:43 AM, [EMAIL PROTECTED] wrote:
What is microsoft-ds port #445?

Mildly off-topic for this list, but it's used by directory-services,
aka "Active Directory"....

I don't know that it's that off-topic.

A question which is independent of which OS you might use may still be relevant to a FreeBSD mailing list, but it does not seem to be highly relevant. A security list such as BugTraq or firewall-wizards is likely to provide more specific details or feedback about bursts of malware traffic on a particular port than freebsd-questions will...

I don't use Microsoft, but people bombard me with packets on port 445.

Agreed-- it is certainly true that port 445 experiences lots of malicious probes.

I run a honeynet which gets between 500 and 1000 connection requests per day per IP on port 445; a histogram of TCP traffic over the past week suggests it is the most commonly targeted port, closely followed by 139/tcp:

# count / port
59676 445
58527 139
1043  9988
383   80
357   135
285   22
223   5900
214   1433
182   4899
144   1080

Of course, the way to find this out is:

  $ grep 445 /etc/services
  microsoft-ds    445/tcp
  microsoft-ds    445/udp

It seems likely that the original poster had gotten this far, judging from the question above. :-)

Dear [EMAIL PROTECTED]: port 445/tcp is used to wrap a bunch of services that used to run over the NetBIOS/NetBEUI protocol, such as "domain browse lists", "network neighborhood", and CIFS/SMB services (ie, what Samba provides, workgroups, filesharing, user authentication)-- in short, "directory services".


freebsd-questions@freebsd.org mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to