Go visit www.grc.com and follow the links to test your shields - it is
alarming how much detail can be retrieved with port 139 open. I was running
samba on the net gateway and ipchains did not appear to block the
information - so currently I have disabled samba until I find a better
idea - or someone can tell me the rule for ipchains that will work.
----- Original Message -----
From: "D. Stark - eSN" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, January 12, 2001 2:09 PM
Subject: RE: [expert] Many Port Requests
> That's the NetBios port. Windows (95, 98, NT without WINS) pukes out TONS
of
> broadcast traffic (each machine continually announces its exsistance on
the
> network, any shares it might have, trades dessert recipies, I don't know).
> If there's an upside, I do not believe it is a routable protocol, so
nobody
> is spamming you with NetBios requests.
>
> Although, now that I think about it, someone *may* still be trying to
crack
> you on that port in theory (assuming that there was a crackable service
> running). Add two ipchains lines. One to allow all port 137 originating on
> the local network, and one right after it in the chain to disallow all
other
> port 137 traffic. Best to do it for both tcp and udp, as both can be used
by
> Windows.
>
> Derek Stark
> IT / Linux Admin
> eSupportNow
> xt 8952
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Friday, January 12, 2001 6:15 AM
> To: Linux-Mandrake Expert (Request)
> Subject: [expert] Many Port Requests
>
>
> I'm getting many udp port requests through ipchains on
> 137/netbios-ns. Is this the port NTs use for the nameservers or
> is it a cracker?
>
> Note: When you reply to this message, please include the mailing
> list/newsgroup address in Cc: and my email address in To:.
>
> *********************************************************************
> Signed,
> SoloCDM
>
>
>
