Date: Mon, 11 Dec 2006 15:57:45 -0800
From: Chuck Swiger <cswiger@mac.com>
To: "Greg 'groggy' Lehey" <grog@FreeBSD.org>
Cc: Garrett Cooper <youshi10@u.washington.edu>, a@zeos.net, freeBSD List <freebsd-questions@FreeBSD.org>
Subject: Re: What is microsoft-ds port 445?
Message-ID: <982C6A03-357C-4B6B-8AF8-3027AA82786F@mac.com>
In-Reply-To: <20061211230922.GM34082@wantadilla.lemis.com>
References: <20061211184333.GA16342@host.my.domain> <457DBBFE.5010900@u.washington.edu> <20061211184333.GA16342@host.my.domain> <F40EFD3D-9E76-4C15-B29B-199A940730A5@mac.com> <20061211230922.GM34082@wantadilla.lemis.com>
On Dec 11, 2006, at 3:09 PM, Greg 'groggy' Lehey wrote:
> On Monday, 11 December 2006 at 11:06:12 -0800, Chuck Swiger wrote:
>> On Dec 11, 2006, at 10:43 AM, a@zeos.net wrote:
>>> What is microsoft-ds port #445?
>>
>> Mildly off-topic for this list, but it's used by directory-services,
>> aka "Active Directory"....
>
> I don't know that it's that off-topic.

A question which is independent of which OS you might use may still be relevant to a FreeBSD mailing list, but it does not seem to be highly relevant. A security list such as BugTraq or firewall-wizards is likely to provide more specific details or feedback about bursts of malware traffic on a particular port than freebsd-questions will...

> I don't use Microsoft, but people bombard me with packets on port 445.

Agreed-- it is certainly true that port 445 experiences lots of malicious probes. I run a honeynet which gets between 500 and 1000 connection requests per day per IP on port 445; a histogram of TCP traffic over the past week suggests it is the most commonly targeted port, closely followed by 139/tcp:

# count / port
  59676 445
  58527 139
   1043 9988
    383 80
    357 135
    285 22
    223 5900
    214 1433
    182 4899
    144 1080

> Of course, the way to find this out is:
>
> $ grep 445 /etc/services
> microsoft-ds 445/tcp
> microsoft-ds 445/udp

It seems likely that the original poster had gotten this far, judging from the question above. :-)

Dear a@zeos.net: port 445/tcp is used to wrap a bunch of services that used to run over the NetBIOS/NetBEUI protocol, such as "domain browse lists", "network neighborhood", and CIFS/SMB services (ie, what Samba provides, workgroups, filesharing, user authentication)-- in short, "directory services".

-- 
-Chuck
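A count-per-port table like the one in the message, and the per-day, per-IP figure quoted for port 445, can be rebuilt from a packet capture. The script below is an added example, not part of the original e-mail or the author's tooling; it assumes text output from `tcpdump -nn -tttt` on stdin, and the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise TCP connection attempts seen by a sensor.
# Assumes `tcpdump -nn -tttt` text output (IPv4 only; IP6 lines are skipped).

# syn_targets: emit "date dst_ip dst_port" for each bare SYN on stdin.
# tcpdump prints "[S]," for SYN and "[S.]," for SYN-ACK, which is ignored.
syn_targets() {
    awk '
        $3 == "IP" && $7 == "Flags" && $8 == "[S]," {
            dst = $6
            sub(/:$/, "", dst)        # "192.0.2.10.445:" -> "192.0.2.10.445"
            if (split(dst, p, ".") == 5 && p[5] ~ /^[0-9]+$/)
                print $1, p[1] "." p[2] "." p[3] "." p[4], p[5]
        }'
}

# port_histogram: "count port" lines, most-probed port first.
port_histogram() {
    syn_targets | awk '{ hits[$3]++ } END { for (p in hits) print hits[p], p }' |
        LC_ALL=C sort -k1,1nr -k2,2n
}

# per_day_ip PORT: "date dst_ip count" for one destination port.
per_day_ip() {
    syn_targets | awk -v want="$1" '$3 == want { seen[$1 " " $2]++ }
        END { for (k in seen) print k, seen[k] }' | LC_ALL=C sort
}

# Constructed sample capture using documentation address ranges.
sample_capture() {
    cat <<'EOF'
2006-12-10 03:11:02.000001 IP 203.0.113.7.4021 > 192.0.2.10.445: Flags [S], seq 1, win 65535, length 0
2006-12-10 03:11:09.000001 IP 203.0.113.9.1188 > 192.0.2.10.445: Flags [S], seq 1, win 65535, length 0
2006-12-10 04:40:51.000001 IP 203.0.113.9.1190 > 192.0.2.11.445: Flags [S], seq 1, win 65535, length 0
2006-12-11 01:02:03.000001 IP 198.51.100.4.3301 > 192.0.2.10.445: Flags [S], seq 1, win 65535, length 0
2006-12-11 01:02:04.000001 IP 198.51.100.4.3302 > 192.0.2.10.139: Flags [S], seq 1, win 65535, length 0
2006-12-11 01:02:05.000001 IP 198.51.100.4.3303 > 192.0.2.10.139: Flags [S], seq 1, win 65535, length 0
2006-12-11 01:02:06.000001 IP 192.0.2.10.445 > 198.51.100.4.3301: Flags [S.], seq 9, ack 2, win 65535, length 0
2006-12-11 02:00:00.000001 IP 198.51.100.8.5000 > 192.0.2.11.22: Flags [S], seq 1, win 65535, length 0
2006-12-11 02:00:01.000001 IP 198.51.100.4.3301 > 192.0.2.10.445: Flags [.], ack 1, win 65535, length 0
EOF
}

sample_capture | port_histogram
```

On a live sensor the same functions can be fed from `tcpdump -nn -tttt -r FILE` instead of `sample_capture`.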