Digital Subscriber Line Netopia 3500-LinkSys-Port 135 and 445 in Log Files??

Posted by jrivera@coffeechemistry.com on January 5, 2005, 5:55 pm
Does anyone show port 135 and 445 showing in their Linksys Log files?

My configuration:

I just got DSL installed by SBC - Business class, 5 static IPs. Using
netopia cayman series gateway connected to my Linksys Router. The
netopia has an assigned public IP address with DHCP and NAT disabled. I
have a linksys router connected to my LAN for DHCP and NAT. My clients
are all being served a private IP (192.168.x.x) fine and can all surf
the web, no probs here.

I set my Linksys log sites and the Incoming logs to one of my clients
(192.168.1.100), but I keep getting many entries from different sites
for port 135 and 445. Questions:

1. Is it simply saying that the logs were sent to the 192.168.1.100 machine
on those ports (i.e. 135, 445 - recall that linksys requires that a
loglinker program run on the client). Or were those sites making
requests to my computer on those ports?
My software firewall on the client does not show any attempts?



Posted by David H. Lipman on January 6, 2005, 2:20 am
The NAT on the Router blocks most activity. The activity is looking for
"peers". As always I suggest blocking TCP and UDP ports 135 ~ 139 and 445
on any Router. On many Linksys models the URL is -
http://192.168.1.1/Filters.htm I don't know what software you are using
to log the Router activity but I highly suggest WallWatcher --
http://www.wallwatcher.com/ This is what I use and I have logged 100's of
thousands of port 445 "hits" on the WAN address of my Router per month.

As for port 445 logging. It may be Internet worm activity. Here are some
well known I-worms that use port 445 for their infection mode. ( It is by
no means a complete list )

W32/Lioten.worm - http://vil.nai.com/vil/content/v_99897.htm
W32/Deloder.worm - http://vil.nai.com/vil/content/v_100127.htm
W32/Slanper.worm - http://vil.nai.com/vil/content/v_100445.htm
W32/Stinbot.worm.b - http://vil.nai.com/vil/content/v_100736.htm
W32/Eslac.worm - http://vil.nai.com/vil/content/v_99970.htm
W32/Sluter.worm - http://vil.nai.com/vil/content/v_100443.htm
W32/Randon.worm.p - http://vil.nai.com/vil/content/v_100628.htm

--
Dave




| Does anyone show port 135 and 445 showing in their Linksys Log files?
|
| My configuration:
|
| I just got DSL installed by SBC - Business class, 5 static IPs. Using
| netopia cayman series gateway connected to my Linksys Router. The
| netopia has an assigned public IP address with DHCP and NAT disabled. I
| have a linksys router connected to my LAN for DHCP and NAT. My clients
| are all being served a private IP (192.168.x.x) fine and can all surf
| the web, no probs here.
|
| I set my Linksys log sites and the Incoming logs to one of my clients
| (192.168.1.100), but I keep getting many entries from different sites
| for port 135 and 445. Questions:
|
| 1. Is it simply saying that the logs were sent to the 192.168.1.100 machine
| on those ports (i.e. 135, 445 - recall that linksys requires that a
| loglinker program run on the client). Or were those sites making
| requests to my computer on those ports?
| My software firewall on the client does not show any attempts?
|




Posted by Neil W Rickert on January 6, 2005, 2:20 am

>Does anyone show port 135 and 445 showing in their Linksys Log files?

Not me. But then I don't have a Linksys.

>My configuration:

>I just got DSL installed by SBC - Business class, 5 static IPs. Using
>netopia cayman series gateway connected to my Linksys Router. The
>netopia has an assigned public IP address with DHCP and NAT disabled. I
>have a linksys router connected to my LAN for DHCP and NAT. My clients
>are all being served a private IP (192.168.x.x) fine and can all surf
>the web, no probs here.

The chances are that your system is being constantly attacked by
windows worms/viruses that are searching for exploitable software
on ports 135 and 445.

AFAIK, SBC blocks these ports for dynamic users. Since you have
static IPs you get to block them yourself. It sounds as if your
linksys is handling the blocking and logging the attempts.
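
An added example, not part of any post in this thread: a small Python triage of an exported incoming-connection log that counts hits on the ports discussed above (135 ~ 139 and 445) and separates Internet sources from LAN sources, which is the distinction the original question asks about. The line format, the sample entries and the function names are constructed for illustration; they are not the Linksys or WallWatcher log format.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Ports named in the thread: TCP/UDP 135-139 and 445.
WATCHED_PORTS = set(range(135, 140)) | {445}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed line format (an assumption, not a real router's format):
#   <date> <time> IN <proto> <source ip> -> <destination ip>:<destination port>
LINE = re.compile(r"^\S+ \S+ IN (?:TCP|UDP) (?P<src>[\d.]+) -> [\d.]+:(?P<port>\d+)$")

# Constructed sample entries; public addresses are documentation ranges.
SAMPLE_LOG = """\
2005-01-05 17:40:01 IN TCP 203.0.113.7 -> 198.51.100.20:445
2005-01-05 17:40:03 IN TCP 203.0.113.7 -> 198.51.100.20:135
2005-01-05 17:41:10 IN TCP 192.0.2.55 -> 198.51.100.20:445
2005-01-05 17:41:12 IN UDP 192.0.2.55 -> 198.51.100.20:137
2005-01-05 17:42:30 IN TCP 203.0.113.90 -> 198.51.100.20:80
2005-01-05 17:43:00 IN TCP 192.168.1.100 -> 198.51.100.20:445
this line is truncated or garbled
"""

def is_lan(addr):
    """True when addr is an RFC 1918 private address such as 192.168.1.100."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def summarize(text):
    """Count hits on the watched ports and split their sources into WAN and LAN."""
    per_port = Counter()
    ports_by_src = defaultdict(set)
    unparsed = 0
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m is None:
            unparsed += 1  # count odd lines instead of failing on them
            continue
        port = int(m["port"])
        if port in WATCHED_PORTS:
            per_port[port] += 1
            ports_by_src[m["src"]].add(port)
    return {"per_port": dict(per_port),
            "wan_sources": sorted(s for s in ports_by_src if not is_lan(s)),
            "lan_sources": sorted(s for s in ports_by_src if is_lan(s)),
            "unparsed": unparsed}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Entries under `wan_sources` are unsolicited probes arriving from the Internet side; an address under `lan_sources` would instead point at a machine on the local network.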


