Port 445 is Win2K's backup for the smb related netbios ports 135;137 & 139.
If eth0 is your internet attached interface someone is probably trying to get some netbios related info from your machine & the firewall is blocking it as it should. Kim Oppalfens Azlan Training >-- Original Message -- >To: Phil Faris <[EMAIL PROTECTED]>,[EMAIL PROTECTED] >From: Ray Olszewski <[EMAIL PROTECTED]> >Subject: Re: [leaf-user] Shorewall log >Date: Sat, 29 Mar 2003 10:14:28 -0800 > > >At 09:08 AM 3/29/2003 -0800, Phil Faris wrote: >>Can anyone tell me what this Shorewall log entry means? I get about fifty > >>to sixty hits like this every day. >> >>Mar 29 16:12:57 Gateway Shorewall:net2all:DROP: IN=eth0 OUT= >>MAC=00:20:af:38:31:c5:00:10:67:00:b5:6b:08:00 SRC=64.214.177.149 >>DST=209.233.16.123 LEN=48 TOS=00 PREC=0x00 TTL=111 ID=28282 DF PROTO=TCP > >>SPT=3463 DPT=445 SEQ=3057110942 ACK=0 WINDOW=16384 SYN URGP=0 > >Interpreting log entries when given NO information about the system >involved is always guesswork. Here I assume your setup is typical (for >example, eth0 is the external interface, 209.233.16.123 is your IP address). > >The traffic is TCP (PROTO=) to port 445 (DPT=). /etc/services says 445 is > >"microsoft-ds". A quick Google search on "microsoft-ds" turns up two things > >of interest. > > 1. "microsoft-ds" is associated with a Microsoft service called > >LanMan. > > 2. BugTraq reports a DoS attack associated with use of this port. > >More analysis would require more Windows expertise than I possess, but >perhaps someone else here knows enough to say more. If not, this should be > >enough to let you use Google productively to learn more. > > > > > > > >------------------------------------------------------- >This SF.net email is sponsored by: >The Definitive IT and Networking Event. Be There! >NetWorld+Interop Las Vegas 2003 -- Register today! >http://ads.sourceforge.net/cgi-bin/redirect.pl?keyn0001en >------------------------------------------------------------------------ >leaf-user mailing list: [EMAIL PROTECTED] >https://lists.sourceforge.net/lists/listinfo/leaf-user >SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html ------------------------------------------------------- This SF.net email is sponsored by: The Definitive IT and Networking Event. Be There! NetWorld+Interop Las Vegas 2003 -- Register today! http://ads.sourceforge.net/cgi-bin/redirect.pl?keyn0001en ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
