what is microsoft-ds?
`nmap -v -A li7-181.members.linode.com`
In the output below, I see
**445/tcp filtered microsoft-ds**.
What is it?
```
Starting nmap 3.83.DC13 ( http://www.insecure.org/nmap/ ) at 2006-02-28 11:45 NZDT
Initiating Connect() Scan against li7-181.members.linode.com (64.62.231.181) [1667 ports] at 11:45
Discovered open port 22/tcp on 64.62.231.181
Increasing send delay for 64.62.231.181 from 0 to 5 due to maxsuccessfultryno increase to 4
Connect() Scan Timing: About 28.16% done; ETC: 11:47 (0:01:16 remaining)
Connect() Scan Timing: About 48.58% done; ETC: 11:49 (0:01:55 remaining)
The Connect() Scan took 162.16s to scan 1667 total ports.
Initiating service scan against 1 service on li7-181.members.linode.com (64.62.231.181) at 11:48
The service scan took 0.50s to scan 1 service on 1 host.
Host li7-181.members.linode.com (64.62.231.181) appears to be up … good.
Interesting ports on li7-181.members.linode.com (64.62.231.181):
(The 1665 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 3.9p1 (protocol 2.0)
445/tcp filtered microsoft-ds
Nmap finished: 1 IP address (1 host up) scanned in 163.782 seconds
```
thanks
genode
4 Replies
I'm sure caker or mikegrb will be in shortly to set us all straight.
Port 445 is used by Windows for its Directory Services (hence "ds"), and there's no good reason at all to have it open on the Internet normally, even on a Linux box. It's a good thing it's filtered, but if Linode are filtering it I'm not sure how come it isn't on the list.
(Sorry for the dumb question. I'll be seen crawling up the security admin learning curve over the next couple of days.)
thanks
Technically it's a violation of the RFC spec (because the RFC states that if the computer's on then it must give a response) but the RFC was written without foreknowledge of the security issues that would arise today, so now everybody does it and it's generally regarded as a Good Thing all round.
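
An added example, not part of the thread and not nmap's own code: how a Connect()-style probe arrives at the three states in the report above. A completed handshake is "open", an RST is "closed", and silence or an ICMP unreachable is "filtered", which is the no-response behaviour the last reply describes. The names `classify`, `probe` and `demo` are hypothetical, and the demo uses constructed loopback ports only.

```python
import errno
import socket

# Errors that mean "nothing useful came back": ICMP unreachable or silence.
NO_ANSWER = {errno.EHOSTUNREACH, errno.ENETUNREACH, errno.ETIMEDOUT}


def classify(attempt):
    """Run one connect attempt (zero-argument callable) and name the port state."""
    try:
        attempt()
        return "open"        # three-way handshake completed
    except ConnectionRefusedError:
        return "closed"      # target answered with RST: reachable, no listener
    except socket.timeout:
        return "filtered"    # no reply before the deadline: dropped on the path
    except OSError as exc:
        return "filtered" if exc.errno in NO_ANSWER else "unknown"


def probe(host, port, timeout=2.0):
    """Full TCP connect to host:port, the same method as a Connect() scan."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return classify(lambda: s.connect((host, port)))


def demo():
    """Constructed loopback case: one listening port, one port with no listener."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()              # port is now free again, so a connect gets an RST
    try:
        return (probe("127.0.0.1", srv.getsockname()[1]),
                probe("127.0.0.1", closed_port))
    finally:
        srv.close()


if __name__ == "__main__":
    print(demo())
```

Run against your own host from outside its firewall, `probe(host, 445)` returning "filtered" rather than "closed" confirms the packet is being dropped before the machine can answer.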