What is microsoft-ds port 445?

Chuck Swiger cswiger at mac.com
Mon Dec 11 16:00:44 PST 2006


On Dec 11, 2006, at 3:09 PM, Greg 'groggy' Lehey wrote:
> On Monday, 11 December 2006 at 11:06:12 -0800, Chuck Swiger wrote:
>> On Dec 11, 2006, at 10:43 AM, a at zeos.net wrote:
>>> What is microsoft-ds port #445?
>>
>> Mildly off-topic for this list, but it's used by directory-services,
>> aka "Active Directory"....
>
> I don't know that it's that off-topic.

A question which is independent of which OS you might use may still  
be relevant to a FreeBSD mailing list, but it does not seem to be  
highly relevant.  A security list such as BugTraq or firewall-wizards  
is likely to provide more specific details or feedback about bursts  
of malware traffic on a particular port than freebsd-questions will...

> I don't use Microsoft, but people bombard me with packets on port 445.

Agreed-- it is certainly true that port 445 experiences lots of  
malicious probes.

I run a honeynet which gets between 500 and 1000 connection requests  
per day per IP on port 445; a histogram of TCP traffic over the past  
week suggests it is the most commonly targeted port, closely followed  
by 139/tcp:

# count / port
59676 445
58527 139
1043  9988
383   80
357   135
285   22
223   5900
214   1433
182   4899
144   1080

> Of course, the way to find this out is:
>
>   $ grep 445 /etc/services
>   microsoft-ds    445/tcp
>   microsoft-ds    445/udp

It seems likely that the original poster had gotten this far, judging  
from the question above.  :-)

Dear a at zeos.net: port 445/tcp is used to wrap a bunch of services  
that used to run over the NetBIOS/NetBEUI protocol, such as "domain  
browse lists", "network neighborhood", and CIFS/SMB services (i.e.,  
what Samba provides, workgroups, filesharing, user authentication)--  
in short, "directory services".

-- 
-Chuck
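
As an added example (not part of the original message): one way to build a count/port histogram like the one above from packet-capture text. It assumes `tcpdump -n`-style lines and counts only initial SYNs as connection requests; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Tally inbound TCP connection requests per destination port.
# Assumption: input is text in `tcpdump -n` style, one packet per line.

port_histogram() {
    awk '
        # Initial SYN prints as "Flags [S],"; a SYN-ACK reply is "Flags [S.],"
        # and is skipped so only connection requests are counted.
        / Flags \[S\],/ {
            dst = ""
            for (i = 1; i <= NF; i++)
                if ($i == ">") { dst = $(i + 1); break }
            if (dst == "") next
            sub(/:$/, "", dst)           # drop the trailing colon
            n = split(dst, parts, ".")   # port is the last dotted field
            count[parts[n]]++
        }
        END { for (p in count) printf "%d %s\n", count[p], p }
    ' | sort -k1,1nr -k2,2n              # busiest port first
}

# Constructed sample capture (documentation address ranges, not real traffic).
sample_log() {
    cat <<'EOF'
10:00:01.000000 IP 203.0.113.5.4312 > 192.0.2.10.445: Flags [S], seq 1, win 65535, length 0
10:00:01.000100 IP 192.0.2.10.445 > 203.0.113.5.4312: Flags [S.], seq 9, ack 2, win 65535, length 0
10:00:02.000000 IP 203.0.113.7.1999 > 192.0.2.10.445: Flags [S], seq 5, win 65535, length 0
10:00:03.000000 IP 198.51.100.9.2044 > 192.0.2.10.139: Flags [S], seq 7, win 65535, length 0
10:00:04.000000 IP 198.51.100.9.2045 > 192.0.2.10.139: Flags [S], seq 8, win 65535, length 0
10:00:05.000000 IP 203.0.113.8.3000 > 192.0.2.10.445: Flags [S], seq 3, win 65535, length 0
10:00:06.000000 IP 203.0.113.8.3001 > 192.0.2.10.22: Flags [S], seq 4, win 65535, length 0
10:00:06.500000 IP 203.0.113.8.3000 > 192.0.2.10.445: Flags [P.], seq 4:44, ack 1, win 65535, length 40
EOF
}

# Print "count port" lines for the sample capture.
sample_log | port_histogram
```

To use it on live data, pipe the text output of a capture into `port_histogram` in place of `sample_log`.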


