I'd be glad to asist you with the ipchains rules. If you'd be willing to
email either the list (or me) with your current ipchains rules, without
specific IPs of course.
ipchains is a very fickle beast. A lot of times what looks like it should do
the job in fact doesnt, and its not just a coincidence that they replaced
ipchains with iptables in 2.4. Firewalling with ipchains is a big part of
what I do for a living. : )
Derek Stark
dmstark at esupportnow.com
IT / Linux Admin
eSupportNow
xt 8952
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of mike ryder
Sent: Friday, January 12, 2001 11:59 AM
To: [EMAIL PROTECTED]
Subject: Re: [expert] Many Port Requests
Go visit www.grc.com and follow the links to test your shields - it is
alarming how much detail can be retrieved with port 139 open. I was running
samba on the net gateway and ipchains did not appear to block the
information - so currently I have disabled samba until I find a better
idea - or someone can tell me the rule for ipchains that will work.
----- Original Message -----
From: "D. Stark - eSN" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, January 12, 2001 2:09 PM
Subject: RE: [expert] Many Port Requests
> That's the NetBios port. Windows (95, 98, NT without WINS) pukes out TONS
of
> broadcast traffic (each machine continually announces its exsistance on
the
> network, any shares it might have, trades dessert recipies, I don't know).
> If there's an upside, I do not believe it is a routable protocol, so
nobody
> is spamming you with NetBios requests.
>
> Although, now that I think about it, someone *may* still be trying to
crack
> you on that port in theory (assuming that there was a crackable service
> running). Add two ipchains lines. One to allow all port 137 originating on
> the local network, and one right after it in the chain to disallow all
other
> port 137 traffic. Best to do it for both tcp and udp, as both can be used
by
> Windows.
>
> Derek Stark
> IT / Linux Admin
> eSupportNow
> xt 8952
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Friday, January 12, 2001 6:15 AM
> To: Linux-Mandrake Expert (Request)
> Subject: [expert] Many Port Requests
>
>
> I'm getting many udp port requests through ipchains on
> 137/netbios-ns. Is this the port NTs use for the nameservers or
> is it a cracker?
>
> Note: When you reply to this message, please include the mailing
> list/newsgroup address in Cc: and my email address in To:.
>
> *********************************************************************
> Signed,
> SoloCDM
>
>
>
