Foreign Intruder SMBCONNMONITORTP
Home > IT Answers > AS/400 > Foreign Intruder SMBCONNMONITORTP
Borre
25 pts.
0
Q:
Foreign Intruder SMBCONNMONITORTP
AS/400, TCP/IP, SMBCONNMONITORTP, Netstat, AS/400 security
Display Tasks Using Connection

Connection type . . . . . . : *TCP
Local address . . . . . . . : 10.0.0.10
Local port . . . . . . . . . : 445
Remote address . . . . . . . : 217.238.70.18
Remote port . . . . . . . . : 2562

Task Task Task
SMBCONNMONITORTP

Above:
Here is how it loocks when I use netstat
How can I prevent them from getting into my i5
What can this task do to/in my i5 ?
Sniffing my creditcard no aso ?

Børre Thoresen
ASKED: May 5 2009  1:56 PM GMT
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
RELATED QUESTIONS
0
TomLiotta
8025 pts.
0
A:
 RATE THIS ANSWER
0
Click to Vote:
  •   0
  •  0
  • AddThis Social Bookmark Button
"10.0.0.10" is your i5?

And 217.238.70.18 is outside of your network?

Well, you could block port 445 on your i5, or you could block incoming traffic on 445 at your network firewall. There is a worm that is known to use 445. But, it's going to be looking at your "windows" netserver on the i5.

Its probably not going to bother the QSYS lib, but that doesn't mean that you couldn't have something turn up in a share in the IFS.

Seems like your network security people should be helping you with answers to possible intrusions.

Regards
Mike

===================================================================

Port 445 is the standard port for cifs (used by Microsoft for SMB over TCP/IP). This is the port that NetServer listens on. End your NetServer server if you don't want it listening.

Usually, that's not an option. NetServer has become too important not to run it or to block port 445 at your i5. What most people do is use a firewall to block access to such ports from the outside.

If you have a firewall for your network, it's misconfigured or it's compromised.

Tom
Last Answered: Oct 17 2009  9:58 AM GMT by TomLiotta   8025 pts.
Latest Contributors: Mcl   2500 pts.
  •   
0
0
RSS - Discussions Help
Discuss This Answer:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _



_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

Borre   25 pts.  |   May 7 2009  1:24PM GMT

Thanks Mike,
I have had this(really not a problem) for several years. It also happens on port 139 *UDP. I don`t remember the task. I am using the NAT in my router: *all to ip 10.0.0.10(the i5) and it works as great
firewall for the rest of my pc-network. Is it possible to force the prompt signon for these ports.
By the way, I am the only one in the company so I have no security people to ask.
Thanks in advance
Borre Thoresen

 

Mcl   2500 pts.  |   May 7 2009  7:04PM GMT

Borre,
A company of one… Makes it hard when you want to blame someone for something, eh? :)

Other than locking down your network, I’m not sure what to do.

I did find one IBM reference to the SMBCONNMONITORTP task on this IBM website. Don’t know if this will help or not.

Regards
Mike

 

Mcl   2500 pts.  |   May 7 2009  7:08PM GMT

Oh, you may also want to look up info on the Sasser worm.

Regards
Mike

 
0