From: Chuck Swiger
Date: Mon, 11 Dec 2006 15:57:45 -0800
To: "Greg 'groggy' Lehey"
Cc: Garrett Cooper, a@zeos.net, freeBSD List
Subject: Re: What is microsoft-ds port 445?

On Dec 11, 2006, at 3:09 PM, Greg 'groggy' Lehey wrote:
> On Monday, 11 December 2006 at 11:06:12 -0800, Chuck Swiger wrote:
>> On Dec 11, 2006, at 10:43 AM, a@zeos.net wrote:
>>> What is microsoft-ds port #445?
>>
>> Mildly off-topic for this list, but it's used by directory-services,
>> aka "Active Directory"....
>
> I don't know that it's that off-topic.

A question which is independent of which OS you might use may still be relevant to a FreeBSD mailing list, but it does not seem to be highly relevant. A security list such as BugTraq or firewall-wizards is likely to provide more specific details or feedback about bursts of malware traffic on a particular port than freebsd-questions will...

> I don't use Microsoft, but people bombard me with packets on port 445.

Agreed-- it is certainly true that port 445 experiences lots of malicious probes. I run a honeynet which gets between 500 and 1000 connection requests per day per IP on port 445; a histogram of TCP traffic over the past week suggests it is the most commonly targeted port, closely followed by 139/tcp:

  # count / port
    59676   445
    58527   139
     1043   9988
      383   80
      357   135
      285   22
      223   5900
      214   1433
      182   4899
      144   1080

> Of course, the way to find this out is:
>
> $ grep 445 /etc/services
> microsoft-ds 445/tcp
> microsoft-ds 445/udp

It seems likely that the original poster had gotten this far, judging from the question above. :-)

Dear a@zeos.net: port 445/tcp is used to wrap a bunch of services that used to run over the NetBIOS/NetBEUI protocol, such as "domain browse lists", "network neighborhood", and CIFS/SMB services (ie, what Samba provides, workgroups, filesharing, user authentication)-- in short, "directory services".

-- 
-Chuck
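Added example, not part of the original message: one way to build the kind of per-port histogram of connection requests quoted above, from `tcpdump -n` text output on a sensor. It assumes the line format of current tcpdump releases; the function names and the sample capture (documentation-range addresses) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `tcpdump -n` output (not real traffic).
sample_capture() {
cat <<'EOF'
12:00:01.000001 IP 203.0.113.5.51234 > 192.0.2.10.445: Flags [S], seq 1, win 65535, length 0
12:00:01.000200 IP 192.0.2.10.445 > 203.0.113.5.51234: Flags [S.], seq 9, ack 2, win 65535, length 0
12:00:01.000400 IP 203.0.113.5.51234 > 192.0.2.10.445: Flags [.], ack 10, win 65535, length 0
12:00:02.000001 IP 203.0.113.6.40001 > 192.0.2.10.445: Flags [S], seq 1, win 65535, length 0
12:00:03.000001 IP 203.0.113.7.40002 > 192.0.2.11.445: Flags [S], seq 1, win 65535, length 0
12:00:04.000001 IP 203.0.113.7.40003 > 192.0.2.10.139: Flags [S], seq 1, win 65535, length 0
12:00:05.000001 IP 203.0.113.8.40004 > 192.0.2.11.139: Flags [S], seq 1, win 65535, length 0
12:00:06.000001 IP 203.0.113.9.137 > 192.0.2.10.137: UDP, length 50
12:00:07.000001 IP 203.0.113.9.40005 > 192.0.2.10.22: Flags [S], seq 1, win 65535, length 0
EOF
}

# Emit "dst_ip dst_port" for every bare SYN on stdin. "[S]," is a connection
# request; "[S.]," (SYN-ACK), plain ACKs and UDP lines are skipped.
syn_targets() {
    awk '$2 == "IP" && $6 == "Flags" && $7 == "[S]," {
        dst = $5; sub(/:$/, "", dst)      # "192.0.2.10.445:" -> "192.0.2.10.445"
        n = split(dst, p, ".")            # IPv4 address plus port = 5 parts
        if (n == 5) print p[1] "." p[2] "." p[3] "." p[4], p[5]
    }'
}

# "count port" histogram, most-targeted port first.
port_histogram() {
    syn_targets | awk '{ c[$2]++ } END { for (k in c) print c[k], k }' |
        sort -k1,1nr -k2,2n
}

# "count dst_ip" for a single port, to compare load across monitored addresses.
syn_per_ip() {
    syn_targets | awk -v port="$1" '$2 == port { c[$1]++ }
        END { for (k in c) print c[k], k }' | sort -k1,1nr -k2,2
}

sample_capture | port_histogram
```

The `-n` flag matters here: without it tcpdump prints service names from /etc/services (for example microsoft-ds) in place of port numbers, and the port split above would no longer work.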