Port 445 is used by MS-Exchange/Outlook. It ties in with Outlook connectivity in a corporate environment.
It may be an employee using a laptop (possibly with VPN), that is traveling...

Danny

-----Original Message-----
From: Mike Faunce [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 19, 2003 7:13 AM
To: 'Mason Landrum'
Cc: [EMAIL PROTECTED]
Subject: RE: [gb-users] Port 445 microsoft-ds blocks

http://www.cert.org/advisories/CA-2003-08.html

-----Original Message-----
From: Mason Landrum [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 19, 2003 9:50 AM
To: [EMAIL PROTECTED]
Subject: [gb-users] Port 445 microsoft-ds blocks

I'm sure that this has probably been asked before, but here it goes again. I am receiving tons of port 445 microsoft-ds block messages from the GB like below:

-----------------------------------------------------------------------------
ALARM NO: 1
DATE: Tue 2003-03-18 19:25:06 GMT
PRIORITY: 4
INTERFACE: EXTERNAL (ep2)
INTERFACE TYPE: External
ALARM TYPE: Block
IP PACKET: TCP [61.53.7.11/3200]-->[xxx.xxx.xxx.xxx/445] l=0 f=0x2
[61.53.7.11/3200]-->[xxx.xxx.xxx.xxx/microsoft-ds]
DETAILED DESCRIPTION: IP packet was rejected by filter 30.
-----------------------------------------------------------------------------

Is this someone trying to exploit the denial of service issues that exist with Windows 2000 or is it legitimate traffic in some way? Thanks in advance for your input!
Sincerely,
Mason Landrum

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
To subscribe to the digest version first unsubscribe, then e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Archive of the last 1000 messages: http://www.mail-archive.com/[EMAIL PROTECTED]
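
An added example, not part of the original thread: one way to triage a pile of these block alarms is to group the blocked connection attempts to port 445 by source and see how many distinct internal addresses each source tried. It assumes `f=` is the TCP flags byte (0x2 = SYN) and `l=` the payload length; the function names and `sweep_threshold` are hypothetical, and the sample alarms are constructed.

```python
import re
from collections import defaultdict

# Constructed alarms in the layout quoted in the thread. Addresses are from
# the RFC 5737 documentation ranges, not real hosts.
SAMPLE = """\
IP PACKET: TCP [198.51.100.7/3200]-->[192.0.2.10/445] l=0 f=0x2
IP PACKET: TCP [198.51.100.7/3201]-->[192.0.2.11/445] l=0 f=0x2
IP PACKET: TCP [198.51.100.7/3202]-->[192.0.2.12/445] l=0 f=0x2
IP PACKET: TCP [203.0.113.9/1045]-->[192.0.2.10/445] l=0 f=0x2
IP PACKET: TCP [203.0.113.9/1046]-->[192.0.2.10/80] l=0 f=0x2
"""

# Addresses are matched loosely so redacted values (xxx.xxx.xxx.xxx) still parse.
PACKET = re.compile(
    r"TCP \[(?P<src>[^/\]]+)/(?P<sport>\d+)\]-->"
    r"\[(?P<dst>[^/\]]+)/(?P<dport>\d+)\] l=(?P<len>\d+) f=(?P<flags>0x[0-9a-fA-F]+)"
)
SYN, ACK = 0x02, 0x10  # assumption: f= is the TCP flags byte


def parse_alarms(text):
    """Yield (src, dst, dport, flags) for every blocked TCP packet line."""
    for m in PACKET.finditer(text):
        yield m["src"], m["dst"], int(m["dport"]), int(m["flags"], 16)


def summarize_445(text, sweep_threshold=3):
    """Group blocked connection attempts to port 445 by source address."""
    targets = defaultdict(set)
    attempts = defaultdict(int)
    for src, dst, dport, flags in parse_alarms(text):
        # A new inbound connection attempt has SYN set and ACK clear.
        if dport == 445 and flags & SYN and not flags & ACK:
            targets[src].add(dst)
            attempts[src] += 1
    return {
        src: {
            "attempts": attempts[src],
            "distinct_targets": len(targets[src]),
            "sweep": len(targets[src]) >= sweep_threshold,
        }
        for src in attempts
    }


if __name__ == "__main__":
    for src, info in summarize_445(SAMPLE).items():
        print(src, info)
```

A source that tries many distinct addresses on 445 looks like a sweep; repeated attempts from one source to a single address are more consistent with a misconfigured or roaming client.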
