Thread: Ports 139/445




Ports 139/445
user name
2006-12-03 21:20:47
Can anyone tell me if Surgemail is somehow utilizing ports 139 or 445 on a Windows Server platform?  Specifically Windows 2003.

I have been trying to crank up the security on our server and when I block ports 139 (NetBios) and port 445 (SMB) I lose connectivity to Surgemail.  It will not deliver mail and I can not log into the webmail port.  I am not sure yet whether it is 139 or 445 that leads to the problem.  I hesitate to fiddle with the system too much even though it is Sunday and most of the users are not paying much attention.  I did get one call from a client who noticed the email went away for a bit.

More on why I am doing this later.


Orin Wells
Supportawasco.com
253-630-5296 


Ports 139/445
user name
2006-12-03 21:51:00
I'm blocking 139 and 445 on Windows 2000 without issues. I'm using the IPSec rules as a firewall.


> -----Original Message-----
> From: Orin Wells [mailto:Orinwellsawasco.com]
> Sent: Sunday, December 03, 2006 4:21 PM
> To: surgemail-listnetwinsite.com
> Subject: [SurgeMail List] Ports 139/445
> 
> Can anyone tell me if Surgemail is somehow utilizing ports 139 or 445
> on a Windows Server platform?  Specifically Windows 2003.
>
> I have been trying to crank up the security on our server and when I
> block ports 139 (NetBios) and port 445 (SMB) I lose connectivity to
> Surgemail.  It will not deliver mail and I can not log into the
> webmail port.  I am not sure yet whether it is 139 or 445 that leads
> to the problem.  I hesitate to fiddle with the system too much even
> though it is Sunday and most of the users are not paying much
> attention.  I did get one call from a client who noticed the email
> went away for a bit.
> 
> More on why I am doing this later.
> 
> 
> Orin Wells
> Supportawasco.com
> 253-630-5296
> 



Ports 139/445
user name
2006-12-03 23:24:06
Orin Wells wrote:
> Can anyone tell me if Surgemail is somehow utilizing ports 139 or 445
> on a Windows Server platform? Specifically Windows 2003.
>
> I have been trying to crank up the security on our server and when I
> block ports 139 (NetBios) and port 445 (SMB) I lose connectivity to
> Surgemail. It will not deliver mail and I can not log into the webmail
> port. I am not sure yet whether it is 139 or 445 that leads to the
> problem. I hesitate to fiddle with the system too much even though it
> is Sunday and most of the users are not paying much attention. I did
> get one call from a client who noticed the email went away for a bit.
>
> More on why I am doing this later.
>
>
> Orin Wells
> Supportawasco.com
> 253-630-5296
>
I am guessing it matters if your server's os is using either for name
resolution as Surgemail doesn't use either and DNS is on port 53(tcp & udp).

Ports 139/445
user name
2006-12-04 03:53:17

Orin Wells wrote:
> Can anyone tell me if Surgemail is somehow utilizing ports 139 or 445 on
> a Windows Server platform?  Specifically Windows 2003.

It shouldn't use those ports at all unless you have set it to use them.

Regards,
Stuart

> 
> I have been trying to crank up the security on our server and when I
> block ports 139 (NetBios) and port 445 (SMB) I lose connectivity to
> Surgemail.  It will not deliver mail and I can not log into the webmail
> port.  I am not sure yet whether it is 139 or 445 that leads to the
> problem.  I hesitate to fiddle with the system too much even though it
> is Sunday and most of the users are not paying much attention.  I did
> get one call from a client who noticed the email went away for a bit.
> 
> More on why I am doing this later.
> 
> 
> Orin Wells
> Supportawasco.com
> 253-630-5296
> 


-- 
When replying please quote original message to save time and always let
us know what OS and version of SurgeMail you are using.

****************************************************************************
If you wish to communicate with other users and talk about SurgeMail and
also get news about updates etc then join the SurgeMail List.
Send an email to surgemail-list-requestnetwinsite.com with only
"subscribe" in the message body

FAQ - http://www.netwinsite.com/surgemail/help/faq.htm
****************************************************************************


OT (sort of) Ports 139/445
user name
2006-12-04 04:19:39

What sent me down this path was that I was getting tired of locking out spammers.  Then I discovered we had a LOT of people playing around with our system.  I only saw this when I turned on more stuff in the Security Log and started logging ALL login attempts.  There were two classes of buggers coming in.

1) a group of people who seemed to be logging in using Anonymous_Logon.  In some cases it almost looked like some club got together and decided to meet at a certain time at our IP address.  I could never figure out what they were doing - possibly using the messenger or something.  I finally caught one on port 445.  I was locking them out as I found them using CHX-1 a software firewall program.

2) a large number of folks who were determined to find the passwords for Administrator and Admin accounts.  We don't have either on the system but since there is no difference between wrong password and no such account they sometimes would keep it up for a couple of hours with their password crackers.  I was also locking them down as I found them.

So today I decided to run Microsoft Security Wizard and try to lock some stuff down that was not previously correctly handled.  On ports I made sure that both 139 and 445 were turned off.  The first time out of the gate we could no longer communicate with Surgemail either from email apps or via the web mail.  So I went back into the Wizard and rechecked the two, deciding I would just run it that way for a bit and then turn them off one by one to see if there was really a problem.  But I then discovered after re-booting that they both seem to be still turned off according to Netstat (nothing listening to them) and Surgemail appears to be working.

But then it all fell apart.  About an hour to two after rebooting the server following what I had thought re-activated 139 and 445 the server pretty much froze all services EXCEPT I found afterward that MS Firewall was logging intermittent connections on ports 25, 110 and 53.  Of course 25 and 110, although I have no clue how anything could have gotten in, are for email and 53 is a DNS look up as best I can tell.  The only clue I found was two failures of a MS dot Net module just immediately before everything stopped.

enterprisesec.config.cch.new

I have no reason to believe this caused the crash but it is certainly coincidental if there was no contribution.

Naturally the username and password for our masterswitch were nowhere to be found - last used about 8 months ago and I think were in a notebook that I lost when my laptop was stolen last May in San Francisco.  So we had to call the NOC to go push the button on the console to get us back up after a very painful wait.

I have now disabled the Microsoft Firewall just in case it had something to do with this (maybe I am just paranoid) and until I can evaluate the log it put out that looks awfully peculiar.

Has anyone had any experience using the MS Firewall?  Any problems?

One last question.  I noticed in Netstat -an that every one of our domains is listening on port 123 (UDP).  I believe this is the Microsoft NTP or Network News Protocol port.  I saw one discussion indicating it was related to time updates, but I am not sure that is correct.  I can see no reason for the NTP on our system.  Does anyone know of any downside to deactivating port 123?  In fact from what I have read there are folks who are using this port for chat software connections and probably a lot more.

The intruders are still not showing up in the security log, but I do see a few trapped ones getting recorded in the CHX-1 Packet Filter Log.  This sort of indicates that CHX-1 may actually be seeing the traffic before Microsoft rejects them.

At 03:24 PM 12/3/2006, Lyle Giese wrote:
Orin Wells wrote:
> Can anyone tell me if Surgemail is somehow utilizing ports 139 or 445
> on a Windows Server platform? Specifically Windows 2003.
>
> I have been trying to crank up the security on our server and when I
> block ports 139 (NetBios) and port 445 (SMB) I lose connectivity to
> Surgemail. It will not deliver mail and I can not log into the webmail
> port. I am not sure yet whether it is 139 or 445 that leads to the
> problem. I hesitate to fiddle with the system too much even though it
> is Sunday and most of the users are not paying much attention. I did
> get one call from a client who noticed the email went away for a bit.
>
> More on why I am doing this later.
>
>
> Orin Wells
> Supportawasco.com
> 253-630-5296
>
I am guessing it matters if your server's os is using either for name
resolution as Surgemail doesn't use either and DNS is on port 53(tcp & udp).

Orin Wells
Supportawasco.com
253-630-5296
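
Added example, not part of any post in this thread: a small Python check that reads Windows `netstat -an` output and reports which of the ports discussed above (139, 445, 123, 25, 110, 53) actually have a local listener, and on which addresses. The sample output and its addresses are constructed; the function names `listeners` and `unexpected` are hypothetical.

```python
import re
from collections import defaultdict

# Ports mentioned in the thread; labels are only used for the report.
WATCHED = {139: "NetBIOS session", 445: "SMB", 123: "NTP",
           25: "SMTP", 110: "POP3", 53: "DNS"}

# Constructed sample of `netstat -an` output (documentation-range addresses).
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:110            0.0.0.0:0              LISTENING
  TCP    192.0.2.10:139         0.0.0.0:0              LISTENING
  TCP    192.0.2.10:1042        198.51.100.7:445       ESTABLISHED
  UDP    192.0.2.10:123         *:*
  UDP    192.0.2.11:123         *:*
"""

# proto, local address, local port, foreign address, optional state (UDP has none)
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")

def listeners(netstat_text, watched=WATCHED):
    """Map (proto, port) -> local addresses accepting traffic on a watched port."""
    found = defaultdict(list)
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers, blank lines
        proto, addr, port, _foreign, state = m.groups()
        port = int(port)
        if port not in watched:
            continue  # e.g. an outbound connection *to* a remote port 445
        # TCP accepts connections only in LISTENING; a bound UDP socket
        # has no state column and receives datagrams as soon as it is bound.
        if proto == "UDP" or state == "LISTENING":
            found[(proto, port)].append(addr)
    return dict(found)

def unexpected(netstat_text, allowed_ports):
    """Watched ports that are listening but are not in the intended-open set."""
    return sorted(k for k in listeners(netstat_text) if k[1] not in allowed_ports)

if __name__ == "__main__":
    for (proto, port), addrs in sorted(listeners(SAMPLE).items()):
        print(f"{proto}/{port} ({WATCHED[port]}): {', '.join(addrs)}")
    print("not intended to be open:", unexpected(SAMPLE, {25, 110}))
```

Running it before and after a firewall or service change shows whether a port is closed because nothing is bound to it or only because a filter sits in front of a socket that is still listening.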
