Foreign Intruder SMBCONNMONITORTP

25 pts.
Tags:
AS/400
AS/400 security
Netstat
SMB
TCP/IP
Display Tasks Using Connection Connection type . . . . . . : *TCP Local address . . . . . . . : 10.0.0.10 Local port . . . . . . . . . : 445 Remote address . . . . . . . : 217.238.70.18 Remote port . . . . . . . . : 2562 Task Task Task SMBCONNMONITORTP Above: Here is how it loocks when I use netstat How can I prevent them from getting into my i5 What can this task do to/in my i5 ? Sniffing my creditcard no aso ? Børre Thoresen

Answer Wiki

Thanks. We'll let you know when a new response is added.

“10.0.0.10” is your i5?

And 217.238.70.18 is outside of your network?

Well, you could block port 445 on your i5, or you could block incoming traffic on 445 at your network firewall. There is a worm that is known to use 445. But, it’s going to be looking at your “windows” netserver on the i5.

Its probably not going to bother the QSYS lib, but that doesn’t mean that you couldn’t have something turn up in a share in the IFS.

Seems like your network security people should be helping you with answers to possible intrusions.

Regards
Mike

===================================================================

Port 445 is the standard port for cifs (used by Microsoft for SMB over TCP/IP). This is the port that NetServer listens on. End your NetServer server if you don’t want it listening.

Usually, that’s not an option. NetServer has become too important not to run it or to block port 445 at your i5. What most people do is use a firewall to block access to such ports from the outside.

If you have a firewall for your network, it’s misconfigured or it’s compromised.

Tom

Discuss This Question: 3  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Borre
    Thanks Mike, I have had this(really not a problem) for several years. It also happens on port 139 *UDP. I don`t remember the task. I am using the NAT in my router: *all to ip 10.0.0.10(the i5) and it works as great firewall for the rest of my pc-network. Is it possible to force the prompt signon for these ports. By the way, I am the only one in the company so I have no security people to ask. Thanks in advance Borre Thoresen
    25 pointsBadges:
    report
  • mcl
    Borre, A company of one... Makes it hard when you want to blame someone for something, eh? :) Other than locking down your network, I'm not sure what to do. I did find one IBM reference to the SMBCONNMONITORTP task on this IBM website. Don't know if this will help or not. Regards Mike
    2,740 pointsBadges:
    report
  • mcl
    Oh, you may also want to look up info on the Sasser worm. Regards Mike
    2,740 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following