[NCLUG] packets to port 445
mike cullerton
michaelc at cullerton.com
Thu Oct 17 15:23:10 MDT 2002
On Thursday, October 17, 2002, at 03:17 PM, Michael Milligan wrote:
> mike cullerton wrote:
>> hey folks,
>> i've been seeing quite a few packets destined to tcp port 445 this
>> morning. the traffic is coming from more than one ip address.
>> /etc/services says microsoft-ds for this.
>
> It's Active Directory.
ah, thanks. so, is there some new Active Directory exploit out there or
something?
(too bad these folks don't realize there aren't even any windows
machines on my network)
>
>> anyone else seeing this kind of thing?
>
> Yes. Drop it at your firewall just like you do with ports 135-139...
i already drop them, just like i drop all packets entering my network i
don't specifically want. isn't that what everyone does :)
btw, it's the logs of those drops that let me know it was happening.
-- mike cullerton
More information about the NCLUG
mailing list