From owner-freebsd-security Wed Jun 14 19:20:51 2000 Delivered-To: freebsd-security@freebsd.org Received: from rhubarb.fwi.com (rhubarb.fwi.com [209.84.175.126]) by hub.freebsd.org (Postfix) with SMTP id 31F8F37BF23 for ; Wed, 14 Jun 2000 19:20:41 -0700 (PDT) (envelope-from peeter@rhubarb.fwi.com) Received: (qmail 1868 invoked by uid 1000); 15 Jun 2000 02:22:10 -0000 Date: Wed, 14 Jun 2000 21:22:10 -0500 From: Peeter Pirn To: George.Giles@mcmail.vanderbilt.edu Cc: freebsd-security@freebsd.org Subject: Re: netbios Message-ID: <20000614212210.A1854@rhubarb.fwi.com> References: <862568FD.0046A112.00@MCSMTP.MC.VANDERBILT.EDU> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="UugvWAfsgieZRqgk" Content-Disposition: inline User-Agent: Mutt/1.2i In-Reply-To: <862568FD.0046A112.00@MCSMTP.MC.VANDERBILT.EDU>; from George.Giles@mcmail.vanderbilt.edu on Tue, Jun 13, 2000 at 07:58:30AM -0500 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org --UugvWAfsgieZRqgk Content-Type: text/plain; charset=us-ascii Content-Disposition: inline See attached file. On Tue, Jun 13, 2000 at 07:58:30AM -0500, George.Giles@mcmail.vanderbilt.edu wrote: > > > I have closed all ports except 21, 22 using ipfw. I find on scanning a port 139 > open called NETBIOS. How do I close? -- Peeter Pirn - peeter@rhubarb.fwi.com --UugvWAfsgieZRqgk Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename=fw In the rules below, I have taken my `allow' firewall rules that allow Samba to run on my internal network and changed them to `deny'. This should block some, if not all, NETBIOS packets. Note that the first rule applies to incoming packets for the broadcast address, not the address of the interface. # # Deny NETBIOS from internal network. Will block Samba communications. # /sbin/ipfw add 30100 deny log udp from 10.0.0.0/24 137 to 10.0.0.255 137 via 10.0.0.254 /sbin/ipfw add 30110 deny log udp from 10.0.0.254 137 to 10.0.0.1/24 137 via 10.0.0.254 /sbin/ipfw add 30200 deny log udp from 10.0.0.254 138 to 10.0.0.0/24 138 via 10.0.0.254 /sbin/ipfw add 30300 deny log tcp from 10.0.0.1/24 to 10.0.0.254 139 via 10.0.0.254 /sbin/ipfw add 30310 deny log tcp from 10.0.0.254 139 to 10.0.0.1/24 via 10.0.0.254 --UugvWAfsgieZRqgk-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message