[SATLUG] Why are my ports 135,139,and 445 open?

Daniel J. Givens daniel at rugmonster.org
Sat Dec 26 00:14:22 CST 2009


Since the filtering is at the ISP level, it doesn't matter what rules  
he sets up on his system as the packets never get to his firewall.

--
Daniel J. Givens

On Dec 25, 2009, at 11:18 PM, Ernest De Leon <edeleonjr at gmail.com> wrote:

> I would use DROP instead of REJECT. This way your firewall gives no
> response, it just appears as a timeout. Also pay attention to the
> protocol you are DROPping/REJECTing...TCP vs UDP.
>
> On Fri, Dec 25, 2009 at 9:30 PM, Daniel J. Givens <daniel at rugmonster.org> wrote:
>
>> That's your ISP filtering NetBIOS and SMB. There have been a number of
>> worms and botnets that targeted vulnerabilities in those services on
>> Windows boxes. They are blocking inbound connections to those ports to
>> protect their network.
>>
>> --
>> Daniel J. Givens
>>
>>
>> On Dec 25, 2009, at 8:30 PM, Don Davis <dondavis at reglue.org> wrote:
>>
>>> When I scan my laptop from outside I see:
>>> 135/tcp filtered msrpc
>>> 136/tcp filtered profile
>>> 137/tcp filtered netbios-ns
>>> 138/tcp filtered netbios-dgm
>>> 139/tcp filtered netbios-ssn
>>> 445/tcp filtered microsoft-ds
>>>
>>> However, netstat -patu does not show these ports listening.
>>> I have also tried various variations on iptables rules with no success:
>>> iptables -A INPUT -p udp --sport 445 -j REJECT
>>> iptables -A INPUT -p udp --dport 445 -j REJECT
>>>
>>> On the laptop and on the router with OpenWRT with no success. Thoughts?
>>> --
>>> _______________________________________________
>>> SATLUG mailing list
>>> SATLUG at satlug.org
>>> http://alamo.satlug.org/mailman/listinfo/satlug to manage/unsubscribe
>>> Powered by Rackspace (www.rackspace.com)
>>>
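
An added example, not part of the original thread: Python that cross-checks the scan lines and iptables rules quoted above against a listener list, showing that the posted UDP rules never match the TCP probes and that the "filtered" results point upstream. The netstat rows are constructed, the function names are hypothetical, and it assumes the quoted rules are the whole INPUT rule set with an ACCEPT default policy.

```python
import re

# Scan lines quoted in the thread.
NMAP = """135/tcp filtered msrpc
136/tcp filtered profile
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds"""

# Constructed `netstat -patu` rows: a laptop running only sshd and a DHCP client.
NETSTAT = """tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 812/sshd
udp 0 0 0.0.0.0:68 0.0.0.0:*        790/dhclient"""

# Rules quoted in the thread.
RULES = """iptables -A INPUT -p udp --sport 445 -j REJECT
iptables -A INPUT -p udp --dport 445 -j REJECT"""

def parse_nmap(text):
    """Map (port, proto) -> state from nmap port lines."""
    rows = re.findall(r"^(\d+)/(tcp|udp)\s+(\S+)", text, re.M)
    return {(int(port), proto): state for port, proto, state in rows}

def parse_listeners(text):
    """Set of (port, proto) bound locally: TCP in LISTEN, or any UDP socket."""
    found = set()
    for line in text.splitlines():
        f = line.split()
        proto = f[0][:3] if f else ""          # folds tcp6/udp6 into tcp/udp
        if len(f) >= 4 and (proto == "udp" or (proto == "tcp" and "LISTEN" in f)):
            found.add((int(f[3].rsplit(":", 1)[1]), proto))
    return found

def parse_rules(text):
    """Set of (dport, proto) matched by INPUT DROP/REJECT rules."""
    rx = r"-A INPUT -p (tcp|udp) .*?--dport (\d+) .*?-j (?:DROP|REJECT)"
    return {(int(port), proto) for proto, port in re.findall(rx, text)}

def diagnose(nmap, netstat, rules):
    """Say where each 'filtered' result is most likely produced."""
    listeners, covered = parse_listeners(netstat), parse_rules(rules)
    out = {}
    for key, state in parse_nmap(nmap).items():
        if state != "filtered":
            out[key] = state
        elif key in covered:
            out[key] = "local rule matches"
        else:  # an unfiltered host answers a SYN with RST or SYN/ACK, not silence
            out[key] = "upstream, " + ("listening" if key in listeners else "no listener")
    return out
```

Run with a `-p tcp --dport 445` rule instead and the same port is attributed to the local firewall, which is the protocol mismatch pointed out in the DROP/REJECT reply.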

