What's up with port 445? - Internet Security

What's up with port 445?
Looking at the DSHIELD data for the port 445 Shows an interesting little trend. Reports showing 445 as the target port is down. Something that is also observed by some readers in their various darknets. Ports showing 445 as the source however is way up. If you are seeing this or have some packets, please send them through. For the packets, I'm interested especially in the source port 445 traffic. Mark H Update Quite number of people have reported a similar drop in their stats for 445 as the target port, but no real explanations just yet. Likely to be confiker related, but that's speculation at the moment.	Mark 391 Posts ISC Handler
Subscribe	Mar 6th 2009 1 decade ago
Hello World! TCPView is a Windows program that will show you detailed listings of all TCP and UDP endpoints on your system. Useful Links: http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx http://download.sysinternals.com/Files/TcpView.zip	Anonymous
Quote	Mar 6th 2009 1 decade ago
Looks like the same rise in port 445 sources happened almost exactly a year ago. I'd check for previous years, but I don't want to taunt the poor little app.	Ron 4 Posts
Quote	Mar 6th 2009 1 decade ago
Not seeing the same thing last year, but willing to be wrong. Which dates did you use?	Mark 391 Posts ISC Handler
Quote	Mar 6th 2009 1 decade ago
Hmm.. All I did was change the start year to 2008, and hit submit (start/end dates become Feb 5 2008 - Mar 7 2009). It shows a similar ramp-up and sudden drop. Looking at it again, and playing around with the dates a bit more, the ramp disappears. Probably an artifact of the sample rate. Sorry for the false alarm.	Ron 4 Posts
Quote	Mar 7th 2009 1 decade ago
my #1 destination port across all my firewalls (multiple class C's) is by FAR tcp 445. i have yet to capture some of traffic, but the sources appear to be coming from all over. i have been waiting for someone else to see this spike. :)	Anonymous
Quote	Mar 10th 2009 1 decade ago