Security Basics mailing list archives
Re: Out of my league.....
From: Daniel Bruce Lynes <dlynes () cwazy co uk>
Date: Thu, 8 Jan 2004 12:57:35 -0800
On Wednesday 07 January 2004 13:16, Jeff Johnson wrote:
(therefore, the firewall catches and logs them). These blocks come with the message Block host "" internet access, and are typically using ports 139 & 445. Looked suspicious, so, I ran an fport scan on the server, and it did show ports 139 & 445 open, but, shows that the Pid is 8 (the system).....Also did some ethereal scan of the network, and it does show that the server is trying to access this specific external ip address.
Nothing wrong there. I wouldn't allow 139 or 445 outside of the network, either. They're used by Windows' network neighborhood. However, if you're running a mainly Windows network, you want to keep these ports open usually, or Network Neighborhood will no longer work.
My question is (kudos if you've patiently read everything so far), how do I find out what this process is that is trying to do these accesses, or am I being overly paranoid. As you can most likely tell from this, I'm not the
There's a freeware(?) program I believe available on download.com or somewhere else for Windows that allows you to see what programs are attached to port numbers. I don't generally use Windows, or I'd be able to give you a download URL and name for it. But, I remember that it does exist. There was mention of it in Sys Admin magazine a while back, when they were talking about the '-p' switch for the Linux netstat command. --------------------------------------------------------------------------- Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any course! All of our class sizes are guaranteed to be 10 students or less. We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, and many other technical hands on courses. Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off any course! ----------------------------------------------------------------------------
Current thread:
- Out of my league..... Jeff Johnson (Jan 08)
- RE: Out of my league..... David Gillett (Jan 08)
- RE: Out of my league..... Jeff Johnson (Jan 08)
- RE: Out of my league..... JM (Jan 09)
- RE: Out of my league..... Jeff Johnson (Jan 08)
- Re: Out of my league..... Dani Wuck (Jan 08)
- Re: Out of my league..... Paul Kurczaba (Jan 09)
- Re: Out of my league..... Daniel Bruce Lynes (Jan 09)
- Re: Out of my league..... Caylan Larson (Jan 12)
- Auditing / Logging software n30 (Jan 12)
- <Possible follow-ups>
- RE: Out of my league..... Sathiyamurthy Rajagopalan (Jan 09)
- Re: Out of my league..... pordeus (Jan 09)
- RE: Out of my league..... David Gillett (Jan 08)