[SATLUG] Why are my ports 135,139,and 445 open?

Ernest De Leon edeleonjr at gmail.com
Fri Dec 25 23:18:18 CST 2009


I would use DROP instead of REJECT. This way your firewall gives no
response, it just appears as a time out. Also pay attention to the protocol
you are DROPping/REJECTing...TCP vs UDP.

On Fri, Dec 25, 2009 at 9:30 PM, Daniel J. Givens <daniel at rugmonster.org>wrote:

> That's your ISP filtering Netbios and SMB. There have been a number of
> worms and botnets that targetted vulnerabilities in those services on
> Windows boxes. They are blocking inbound connections to those ports to
> protect their network.
>
> --
> Daniel J. Givens
>
>
> On Dec 25, 2009, at 8:30 PM, Don Davis <dondavis at reglue.org> wrote:
>
>  When I scan my laptop from outside I see:
>> 135/tcp filtered msrpc
>> 136/tcp filtered profile
>> 137/tcp filtered netbios-ns
>> 138/tcp filtered netbios-dgm
>> 139/tcp filtered netbios-ssn
>> 445/tcp filtered microsoft-ds
>>
>> However, netstat -patu does not show these ports listening.
>> I have also tried various variations on iptables rules with no success:
>> iptables -A INPUT -p udp --sport 445 -j REJECT
>> iptables -A INPUT -p udp --dport 445 -j REJECT
>>
>> On the laptop and on the router with OpenWRT with no success. Thoughts?
>> --
>> _______________________________________________
>> SATLUG mailing list
>> SATLUG at satlug.org
>> http://alamo.satlug.org/mailman/listinfo/satlug to manage/unsubscribe
>> Powered by Rackspace (www.rackspace.com)
>>
> --
> _______________________________________________
> SATLUG mailing list
> SATLUG at satlug.org
> http://alamo.satlug.org/mailman/listinfo/satlug to manage/unsubscribe
> Powered by Rackspace (www.rackspace.com)
>


More information about the SATLUG mailing list