What is microsoft-ds port 445?
Chuck Swiger
cswiger at mac.com
Mon Dec 11 16:00:44 PST 2006

On Dec 11, 2006, at 3:09 PM, Greg 'groggy' Lehey wrote:
> On Monday, 11 December 2006 at 11:06:12 -0800, Chuck Swiger wrote:
>> On Dec 11, 2006, at 10:43 AM, a at zeos.net wrote:
>>> What is microsoft-ds port #445?
>>
>> Mildly off-topic for this list, but it's used by directory-services,
>> aka "Active Directory"....
>
> I don't know that it's that off-topic.

A question which is independent of which OS you might use may still
be relevant to a FreeBSD mailing list, but it does not seem to be
highly relevant. A security list such as BugTraq or firewall-wizards
is likely to provide more specific details or feedback about bursts
of malware traffic on a particular port than freebsd-questions will...

> I don't use Microsoft, but people bombard me with packets on port 445.

Agreed-- it is certainly true that port 445 experiences lots of
malicious probes.

I run a honeynet which gets between 500 and 1000 connection requests
per day per IP on port 445; a histogram of TCP traffic over the past
week suggests it is the most commonly targeted port, closely followed
by 139/tcp:

# count / port
59676 445
58527 139
1043 9988
383 80
357 135
285 22
223 5900
214 1433
182 4899
144 1080

> Of course, the way to find this out is:
>
> $ grep 445 /etc/services
> microsoft-ds 445/tcp
> microsoft-ds 445/udp

It seems likely that the original poster had gotten this far, judging
from the question above. :-)

Dear a at zeos.net: port 445/tcp is used to wrap a bunch of services
that used to run over the NetBIOS/NetBEUI protocol, such as "domain
browse lists", "network neighborhood", and CIFS/SMB services (i.e.,
what Samba provides, workgroups, filesharing, user authentication)--
in short, "directory services".

--
-Chuck
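
Added example, not part of the original message: one way to build a count/port histogram like the one above by counting inbound connection requests (SYN set, ACK clear) per destination port. It assumes input in the text format printed by `tcpdump -n`; the function names and sample lines are constructed, and the post does not say how its own counts were produced.

```shell
#!/bin/sh
# Constructed sample in the text format printed by `tcpdump -n`
# (documentation-range addresses; not data from the post above).
sample_capture() {
cat <<'EOF'
16:00:01.000001 IP 203.0.113.5.51234 > 192.0.2.10.445: Flags [S], seq 1, win 65535, length 0
16:00:01.000200 IP 192.0.2.10.445 > 203.0.113.5.51234: Flags [S.], seq 9, ack 2, win 65535, length 0
16:00:01.000400 IP 203.0.113.5.51234 > 192.0.2.10.445: Flags [.], ack 10, win 65535, length 0
16:00:02.100000 IP 198.51.100.7.40022 > 192.0.2.10.139: Flags [S], seq 5, win 8192, length 0
16:00:03.200000 IP 198.51.100.7.40023 > 192.0.2.10.445: Flags [S], seq 6, win 8192, length 0
16:00:04.300000 IP 203.0.113.99.60001 > 192.0.2.11.22: Flags [S], seq 7, win 29200, length 0
16:00:05.400000 IP 203.0.113.99.60002 > 192.0.2.11.445: Flags [S], seq 8, win 29200, length 0
16:00:06.500000 IP 198.51.100.7.40024 > 192.0.2.11.139: Flags [S], seq 9, win 8192, length 0
16:00:07.600000 IP 192.0.2.11.139 > 198.51.100.7.40024: Flags [R.], seq 0, ack 10, win 0, length 0
EOF
}

# port_histogram (hypothetical helper): read `tcpdump -n` text on stdin and
# print "count port" lines, highest count first. Only initial SYNs are
# counted, so replies (S.), ACKs (.) and resets (R.) do not inflate the totals.
port_histogram() {
    awk '
        $2 == "IP" && $6 == "Flags" && $7 == "[S]," {
            dst = $5
            sub(/:$/, "", dst)           # drop the trailing colon
            n = split(dst, parts, ".")   # a.b.c.d.port: last field is the port
            count[parts[n]]++
        }
        END { for (p in count) print count[p], p }
    ' | sort -k1,1nr -k2,2n
}

# Stand-alone run on the constructed sample.
sample_capture | port_histogram
```

On a live sensor the same function can be fed from `tcpdump -n -r` on a saved capture; IPv6 lines (`IP6`) are skipped by this sketch.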