I have an access-list that is denying any access to eq 445. Someone had set this list up before I was here, and I assume it's for some Blaster varient or something.
The problem is one of the System guys says it's a legit service, something to do with Active Directory.
When I do "sh logging" I see thousands of hits where it deny's one packet at a time from port 445 to misc IP addresses.
I do "sh access-list" and the deny 445 entry has millions of hits.
We do a network wide Symantec update and scan and find nothing.
Should I disable this 445 entry? Is it a legit service?
Thanx for any help
Port 445 is SMB over tcp or commonly referred to now by Microsoft a CIFS (Common Internet File System). This is vallid traffic so internally between sites that transfer files you should not be blocking this traffic but from external nets by all means this should be blocked.
HTH please rate any posts that were helpful.