Ethereal-users: Re: [Ethereal-users] Newbie in a jam

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "ronnie sahlberg" <ronniesahlberg@xxxxxxxxx>
Date: Wed, 1 Mar 2006 10:05:21 +1100
If it is only trying to access port 445 then it is probably not a port scanner.

Port 445 is the port used for CIFS, i.e. Windows file sharing.

It could just be that you happen to have a Windows laptop or something connected to your network and it tries to connect to its domain controller or a network share, and your ISP is blocking CIFS traffic.
I.e. you brought your laptop home from the office and connected it to your home network?

On 3/1/06, Jason Hernandez <jason.hernandez@xxxxxxxxxxxxx> wrote:
Thanks! Here is the sample line of the log that was sent to me. I replaced
the IP with X's. The first set of X's is the IP of my router and the other
set is the IP it's scanning.

2|Feb 20 2006 14:33:10|106001: Inbound TCP connection denied from X.X.X.X/13331 to X.X.X.X/445 flags SYN on interface outside

Jason


-----Original Message-----
From: ethereal-users-bounces@xxxxxxxxxxxx
[mailto: ethereal-users-bounces@xxxxxxxxxxxx] On Behalf Of FRANCIS PROVENCHER
Sent: Tuesday, February 28, 2006 12:22 PM
To: ethereal-users@xxxxxxxxxxxx
Subject: Re: [Ethereal-users] Newbie in a jam

Hi,
To stop the problem, you can deny the ICMP echo request on your firewall.
It's not a good thing to let users make ICMP echo reply (ping) outside of
your network. Create a rule on your firewall to deny it; you can add some
exceptions to this rule to let administrators ping outside.

Sorry I can give you some advice with Ethereal.
You can also check for a Snort (Intrusion Detection System).



Francis Provencher
Ministère de la Sécurité publique
Réalisations et Systèmes réseaux
Tél: (418) 646-3258
Courriel:   Francis.provencher@xxxxxxxxxxxxxx

CEH - Certified Ethical Hackers
SSCP - System Security Certified Practitioner
Sec+ - Security +

>>> jason.hernandez@xxxxxxxxxxxxx 02/28/06 2:36 PM >>>
Hello all,

I am very new to protocol analyzing and packet sniffing. I usually just
support PCs, but am now supporting our network. I've been contacted by my
company's ISP and they say some machine behind my router is scanning their
network. I have made sure all my PCs are patched, and have up-to-date
antivirus software (McAfee) as well as anti-spyware software (Windows
Defender), but I am still having this issue.

How can I use this software to find the culprit? What am I supposed to look
for? Sorry for being such a newbie...

Thanks in advance!

Jason

_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users
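
Added example, not part of the original thread: a sketch of the reasoning in the first reply (repeated SYNs to port 445 alone look like a CIFS client, not a port scanner), applied to deny records in the format of the quoted log line. The sample records, the RFC 5737 addresses, the thresholds and the function names are assumptions; since the source in such a log is the router's public address, this characterises the traffic and does not identify the internal host.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the log line quoted in the thread.
# Addresses are RFC 5737 documentation ranges, not values from the thread.
SAMPLE_LOG = """\
2|Feb 20 2006 14:33:10|106001: Inbound TCP connection denied from 192.0.2.10/13331 to 198.51.100.5/445 flags SYN on interface outside
2|Feb 20 2006 14:33:13|106001: Inbound TCP connection denied from 192.0.2.10/13331 to 198.51.100.5/445 flags SYN on interface outside
2|Feb 20 2006 14:33:19|106001: Inbound TCP connection denied from 192.0.2.10/13340 to 198.51.100.6/445 flags SYN on interface outside
2|Feb 20 2006 14:40:01|106001: Inbound TCP connection denied from 192.0.2.20/40001 to 198.51.100.7/21 flags SYN on interface outside
2|Feb 20 2006 14:40:01|106001: Inbound TCP connection denied from 192.0.2.20/40002 to 198.51.100.7/22 flags SYN on interface outside
2|Feb 20 2006 14:40:01|106001: Inbound TCP connection denied from 192.0.2.20/40003 to 198.51.100.7/23 flags SYN on interface outside
2|Feb 20 2006 14:40:02|106001: Inbound TCP connection denied from 192.0.2.20/40004 to 198.51.100.7/25 flags SYN on interface outside
2|Feb 20 2006 14:40:02|106001: Inbound TCP connection denied from 192.0.2.20/40005 to 198.51.100.7/80 flags SYN on interface outside
"""
DENY_RE = re.compile(
    r"106001: Inbound TCP connection denied from (?P<src>[\d.]+)/\d+ "
    r"to (?P<dst>[\d.]+)/(?P<dport>\d+) flags SYN on interface"
)

def summarize(log_text):
    """Per source address: distinct destination hosts, ports, and SYN count."""
    stats = defaultdict(lambda: {"hosts": set(), "ports": set(), "count": 0})
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        if not m:
            continue  # not a 106001 SYN deny record
        entry = stats[m["src"]]
        entry["hosts"].add(m["dst"])
        entry["ports"].add(int(m["dport"]))
        entry["count"] += 1
    return stats

def classify(entry, port_threshold=5, host_threshold=5):
    """Thresholds are assumed values for illustration; tune them to the network."""
    if len(entry["ports"]) >= port_threshold:
        return "port scan"             # many ports probed
    if len(entry["hosts"]) >= host_threshold:
        return "single-port sweep"     # one port, many hosts: investigate
    if entry["ports"] == {445}:
        return "CIFS client"           # retries to a DC or share, as in the reply
    return "unclassified"

def report(log_text):
    return {src: classify(e) for src, e in summarize(log_text).items()}

if __name__ == "__main__":
    for src, label in report(SAMPLE_LOG).items():
        print(src, label)
```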