port 135,137,445 traffic

[Guest]

[moonshine]

I seem to get a lot of requests through ports 135,137,445, maybe 139. I always block them. Things like nbname, nbsession, ms-rpc, ms-ds. Some seem to be from unfamiliar connections through my ISP, but others are worldwide. Should I be concerned ?

[sded]

Only if you don't block them.    There are a lot of port scanners and similar malicious programs out on the internet that try to take over computers for botnets.  Or just to destroy things.  If you do not have a NAT router, the attempts at inbound connections show up in your firewall log.    Some ISPs also have similar benign traffic, especially cable networks, but seem to work fine if you block them too.  You can add rules to block and not log them if you are using CFP3, and at least they won't clutter your log. 

[moonshine]

Thanks for the reply. I don't understand why microsoft don't make it simple to know what we don't need and let us switch them all off with one click. I have had these attempts for a while but I'm sure sometimes I thought they were needed and let them through. SVC.host used to be active quite a lot when I checked. I notice currently that port 1026 and 1040 are listening in my browser (no traffic). DCOM was another thing always wanting connected.

[sded]

There are provisions in Windows for things like sharing and remote operations that legitimately use these ports.  Within a trusted LAN they can be very useful features.  But hackers from the WAN are to be avoided, along with those on Public access LANs.  Seems like MS could do a better job of permissions, though.  But instead they provide a firewall that will block all this stuff (and not tell you about it) and when you use a 3rd party firewall with logging capability you say "oh s---, where did all that come from?"   Not their finest hour!

[Tags:]