(On Router) Port 445 should not be open for incoming connections, hence only
connections going out will be on that port (unless your router/modem is
compromised). Blocking outgoing connections on that port would be a good thing
to do. --- Assuming you are doing the blocking on the router/modem. On the Windoze
firewall that is good.
There were recently some patches to Samba, so any time a vulnerability is
patched, hackers go to town looking for unpatched systems. Samba provides SMB
file sharing on Linux, and SMB (Windoze file sharing) is a prime target for
malware. Once a system is infected it will often use SMB to try and spread to
other computers on the network.
<rant> I'm super paranoid when it comes to malware. Today's malware tries to be
very stealthy. If I found what you found going on, I would completely
re-install Windoze on a fresh disk. Of the few times my computers got infected,
there was no anti-virus or anti-malware tool that would find it and remove it. I
even went as far as mounting the Windoze drive on Linux and looking through the
registry hives. Blocking port 445 is a good start, but only a bandaid. What is
initiating that connection in the first place? It means your computer (or
router) is most likely compromised - my opinion. Go to bleepingcomputer.com and
search "port 445". Personally though, I'm a programmer and security issues are
a hobby, so I would waste time pursuing it, but for the non-hacker, you can
waste a lot of time trying to fix it. Hence just reinstall Windoze and have
peace of mind. Better to prevent the disease than try to cure it. And if you
have an older router/modem, I would replace it. Or at least re-flash the
firmware in it.</rant>
Paranoid WayneSHacker2
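The two practical steps in the reply above (block outbound TCP 445 on the Windows firewall, then find out what is initiating the connection) put together as an added PowerShell example. This is not code from the original post or its author; the rule name is my own, and it assumes Windows 8/Server 2012 or later with the NetSecurity and SmbShare cmdlets, run from an elevated prompt.

```powershell
# Added example (not from the original message): block outbound SMB (TCP 445)
# on the Windows firewall and identify the process behind any connection to
# that port. The rule name is an assumption; run this as Administrator.

$ruleName = 'Block outbound SMB (TCP 445)'   # hypothetical rule name

# 1. Block outbound TCP 445 on every profile (Domain, Private, Public).
#    Caveat: this also breaks access to LAN file servers and NAS boxes; add
#    -RemoteAddress with your LAN range (or a separate Allow rule) if you need them.
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Outbound -Protocol TCP `
        -RemotePort 445 -Action Block -Profile Any | Out-Null
}

# 2. Log dropped packets, so blocked attempts land in
#    %SystemRoot%\System32\LogFiles\Firewall\pfirewall.log
#    and you can see whether the attempts continue after the rule is in place.
Set-NetFirewallProfile -Profile Domain, Private, Public -LogBlocked True

# 3. Answer "what is initiating that connection?": every TCP connection whose
#    remote port is 445, joined to its owning process, image path and command line.
#    Established sessions also show up in Get-SmbConnection (step 4).
function Get-OutboundSmbOwners {
    Get-NetTCPConnection -RemotePort 445 -ErrorAction SilentlyContinue |
        Where-Object { $_.RemoteAddress -notin @('127.0.0.1', '::1') } |
        ForEach-Object {
            $conn = $_
            $proc = Get-CimInstance Win32_Process -Filter "ProcessId = $($conn.OwningProcess)"
            [pscustomobject]@{
                RemoteAddress = $conn.RemoteAddress
                State         = $conn.State
                PID           = $conn.OwningProcess
                Process       = $proc.Name
                Path          = $proc.ExecutablePath
                CommandLine   = $proc.CommandLine
            }
        }
}

Get-OutboundSmbOwners | Format-Table -AutoSize

# 4. Client-side SMB sessions Windows itself knows about (mapped drives,
#    UNC paths in use). Anything here that points at an address you do not
#    recognise is worth the re-install the reply recommends.
Get-SmbConnection | Select-Object ServerName, ShareName, UserName, NumOpens
```

PID 4 (the System process) owning a port 445 connection is normal for the built-in SMB client; a user-mode process you do not recognise, or a command line that launches from a temp or profile directory, is the kind of thing to look at before deciding whether to rebuild the machine.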
At 3/1/2019 07:02 PM, you wrote:
> Is it possible that they are initiated by way of the bogus connection to
> port 445? I didn't see any more microsoft-ds connections after I blocked
> access to that.
>
>>
>>You should not be getting connections unless you are compromised.
>>Unless you mean hits on the firewall.
>>
>>>
>>> Never mind Russia and/or China. I just had a burst of almost 20
>>>connections to the IP address 78.38.93.8, which turns out to be from
>>>Iran.
>>>
>>
>
>Chris
>
>When the going gets weird, the weird turn pro
> - Hunter S. Thompson
>--
>_________________________________________________________________
>Options: http://lists.thomasclausen.net/mailman/listinfo/olympus
>Archives: http://lists.thomasclausen.net/mailman/private/olympus/
>Themed Olympus Photo Exhibition: http://www.tope.nl/