Jeffrey Borg wrote:
>
> Hi
>
> I have had over the last few weeks thousands of attemps at port 445 on my
> server (not a network scan - although it has been a network scan a few
> times) these attacks are just at one host. (from one host!)
>
> Now I have dug up that this is the new 'SMB' port for windoze 2000 etc..
> called DS But I was curious to any other uses for tcp port 445
>
Looking in rfc1700
http://infopc7.vub.ac.be/sockprog/rfc1700.htm
we find
microsoft-ds 445/tcp Microsoft-DS
microsoft-ds 445/udp Microsoft-DS
# Arnold Miller <[EMAIL PROTECTED]>
As far as I know this is a paging protocol so should be covered in
http://www.landfield.com/rfcs/rfc1568.html
Port 445 is I think, Direct Host, It is how Windows 2000 does
its file sharing now instead of NetBIOS. Win NT used Net BIOS
on ports 137-139. Windows 2000 still supports that, however
NetBIOS is being replaced with port 445 for sharing DNS and LDAP
Much was made of this with the reported allegations of the NSA.KEY
which was reported to give a backdoor in the system.
Many exploits exist for this port such as
http://www.dataguard.no/bugtraq/2000_2/0567.html
Any scans on this port would likely to be script kiddies
trying their luck.
--
Kind regards
Kevin Waterson
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
