[SATLUG] Why are my ports 135,139,and 445 open?

Don Davis dondavis at reglue.org
Sat Dec 26 12:08:17 CST 2009

>> Is it acceptable to scan my subnet neighbors from the ISP to check?
> I'm not sure what you would hope to learn from doing this, but I
> always recommend against scanning systems that do not belong
To see if the ISP was indeed blocking the ports in question.

I would certainly not try to exploit any other systems or test their 
security. Given the amount of scanning and hostile probing going on, it 
would most likely go unnoticed. It was more a question of etiquette and 
mores. Running a webserver (or leaving typical ports open) you can see 
lots of annoying stuff going on. It's most upsetting when a seemingly 
'reputable' web page design company runs lots of arbitrary 'GET' 
commands against your Apache.

> Why scan IPv6 if there is no way to access your system with IPv6
> without setting up a specialized tunnel?  If you're setting up a
> tunnel then you should definitely know what is going over the tunnel,
> thus making scanning pointless.

I do have an IPv6 Tunnel. I'd just like to look at it from outside.

> The only time I use DROPs on my system is during a DoS attack, because
> it makes the attacker think that the system is offline, giving the
> appearance of a successful attack :)

What about TARPIT?

What do you think of changing the SSH banner after moving SSH to listen 
on a non-standard port?
