Port 445?



George Orwell
08-18-10, 01:35 AM
Since putting BeeThink on our servers, I have seen a lot of
connect attempts to port 445. What are people trying to do
on that port?

The sender address of this message is not related to a real
person but to a fake address of an anonymous system.
For more info: https://www.mixmaster.it

Bit Twister
08-18-10, 02:48 AM
On Wed, 18 Aug 2010 08:35:02 +0200 (CEST), George Orwell wrote:
>
> Since putting BeeThink on our servers, I have seen a lot of
> connect attempts to port 445. What are people trying to do
> on that port?

https://secure.dshield.org/port.html?port=445

Rick
08-19-10, 07:30 AM
George Orwell wrote:
> Since putting BeeThink on our servers, I have seen a lot of
> connect attempts to port 445. What are people trying to do
> on that port?

http://www.grc.com/port_445.htm
::
....port 445 is "SMB over IP". (SMB is known as "Samba" and stands for "Server Message Blocks".) After all of the trouble the personal computer
industry has had with Microsoft's original Windows NetBIOS ports 137 through 139, it is difficult to imagine or believe that Microsoft could have
actually made things significantly worse with their replacement port 445 . . . but they did.

Whereas the great vulnerability originally created by Windows file sharing was that hackers could perhaps gain remote access to the contents of hard
disk directories or drives, the default exposure of the Internet server Microsoft silently installed into every Windows 2000 system (where port 445
first appeared), allows malicious hackers to remotely log onto the computers of unsuspecting users across the Internet and more recently, through
the use of some clever and readily available freeware tools (PsExec from SysInternals) to silently upload and run (in the remote user's computer) any
programs of their choosing without the computer's owners ever being aware.

As you might imagine, malicious hackers have been having a field day scanning for port 445, then easily and remotely commandeering Windows machines.
Even several hackers I have spoken with are unnerved by the glaring insecurities created by port 445. One chilling consequence of port 445 has been
the relatively silent appearance of NetBIOS worms. These worms slowly but methodically scan the Internet for instances of port 445, use tools like
PsExec to transfer themselves into the new victim computer, then redouble their scanning efforts. Through this mechanism, massive, remotely controlled
Denial of Service "Bot Armies", containing tens of thousands of NetBIOS worm compromised machines, have been assembled and now inhabit the Internet.
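
An added example, not part of the thread or any poster's code: one way to triage the kind of port 445 connect attempts asked about above is to count how many distinct destinations each source touched on the SMB ports, both inbound (outside scanners) and outbound (one of your own machines scanning, the worm behaviour the quoted text describes). The log format, the `192.0.2.0/24` server range and the function name are assumptions made for illustration; BeeThink's real log layout is not shown on this page.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in a made-up format (not BeeThink's own).
SAMPLE_LOG = """\
2010-08-18T01:12:03 DENY TCP 203.0.113.7:4312 -> 192.0.2.10:445
2010-08-18T01:12:04 DENY TCP 203.0.113.7:4313 -> 192.0.2.11:445
2010-08-18T01:12:05 DENY TCP 203.0.113.7:4314 -> 192.0.2.12:445
2010-08-18T01:15:40 DENY TCP 198.51.100.23:1045 -> 192.0.2.10:139
2010-08-18T01:20:11 ALLOW TCP 198.51.100.50:5120 -> 192.0.2.10:80
2010-08-18T02:01:00 ALLOW TCP 192.0.2.12:3001 -> 198.51.100.80:445
2010-08-18T02:01:01 ALLOW TCP 192.0.2.12:3002 -> 198.51.100.81:445
2010-08-18T02:01:02 ALLOW TCP 192.0.2.12:3003 -> 198.51.100.82:445
garbage line that does not parse
"""

OUR_NET = ipaddress.ip_network("192.0.2.0/24")  # assumed range of "our servers"
SMB_PORTS = {139, 445}  # TCP 139 (NetBIOS session) and TCP 445 (SMB over IP)
LINE_RE = re.compile(
    r"^(\S+) (ALLOW|DENY) TCP ([\d.]+):(\d+) -> ([\d.]+):(\d+)$")

def smb_fanout(log_text, threshold=3):
    """Return (inbound, outbound): source IP -> number of distinct
    destinations contacted on an SMB port, for sources at or above
    `threshold`. Outbound hits point at a possibly infected local host."""
    inbound, outbound = defaultdict(set), defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or int(m.group(6)) not in SMB_PORTS:
            continue  # unparsable line or a port we are not tracking
        try:
            src = ipaddress.ip_address(m.group(3))
            dst = ipaddress.ip_address(m.group(5))
        except ValueError:
            continue  # malformed address such as 999.1.1.1
        if src in OUR_NET and dst not in OUR_NET:
            outbound[str(src)].add(str(dst))
        elif src not in OUR_NET and dst in OUR_NET:
            inbound[str(src)].add(str(dst))
    pick = lambda d: {ip: len(t) for ip, t in d.items() if len(t) >= threshold}
    return pick(inbound), pick(outbound)

if __name__ == "__main__":
    scanners, suspects = smb_fanout(SAMPLE_LOG)
    print("inbound scanners:", scanners)
    print("local hosts fanning out on SMB:", suspects)
```

An outbound entry deserves attention first: a server that is itself connecting to many external hosts on port 445 matches the self-propagating behaviour described in the quoted text.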