1. Home
  2. Digital Subscriber Line
  3. Netopia 3500-LinkSys-Port 135 and 445 in Log Files??

Netopia 3500-LinkSys-Port 135 and 445 in Log Files??

Does anyone show port 135 and 445 showing in their Linksys Log files?

My configuration:

I just got DSL installed by SBC - Business class, 5 static IPs. Using netopia cayman series gateway connected to my Linksys Router. The netopia has a assigned public IP address with DHCP and NAT diabled. I have a linksys router connected to my LAN for DHCP and NAT. My clients are all being served a private IP (192.168.x.x) fine and can all surf the web, no probs here.

I set my Linksys log sites and the Incoming logs to one of my clients (192.168.1.100), but I keep getting many entries from different sites for port 135 and 445. Questions:

  1. Is simply saying the that log were sent to the 192.168.1.100 machine on those ports (i.1. 135, 445 - recall that linksys requires that a loglinker program run on the client). Or were those site making requests to my computer on thos ports? My software firewall on the client does not show any attempts?
Reply to
jrivera
Loading thread data ...

The NAT on the Router blocks most activity. The activity is looking for "peers". As always I suggest blocking TCP and UDP ports 135 ~ 139 and 445 on any Router. On many Linksys models the URL is - http://192.168.1.1/Filters.htm I don't know what software you are using to log the Router activity but I highly suggest WallWatcher --

formatting link
is what I use and I have logged 100's of thousands of port 445 "hits" on the WAN address of my Router per month.

As for port 445 logging. It may be Internet worm activity. Here are some well known I-worms that use port 445 for their infection mode. ( It is by no means a complete list )

W32/Lioten.worm -

formatting link
-
formatting link
-
formatting link
-
formatting link
-
formatting link
-
formatting link
-
formatting link

Reply to
David H. Lipman

Not me. But then I don't have a Linksys.

The chances are that your system is being constantly attacked by windows worms/viruses that are searching for exploitable software on ports 135 and 445.

AFAIK, SBC blocks these ports for dynamic users. Since you have static IPs you get to block them yourself. It sounds as if your linksys is handling the blocking and logging the attempts.

Reply to
Neil W Rickert

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.