Date: Wed, 14 Jun 2000 21:22:10 -0500
From: Peeter Pirn <peeter@rhubarb.fwi.com>
To: George.Giles@mcmail.vanderbilt.edu
Cc: freebsd-security@freebsd.org
Subject: Re: netbios
Message-ID: <20000614212210.A1854@rhubarb.fwi.com>
In-Reply-To: <862568FD.0046A112.00@MCSMTP.MC.VANDERBILT.EDU>; from George.Giles@mcmail.vanderbilt.edu on Tue, Jun 13, 2000 at 07:58:30AM -0500
References: <862568FD.0046A112.00@MCSMTP.MC.VANDERBILT.EDU>

See attached file.

On Tue, Jun 13, 2000 at 07:58:30AM -0500, George.Giles@mcmail.vanderbilt.edu wrote:
>
>
> I have closed all ports except 21, 22 using ipfw. I find on scanning a port 139
> open called NETBIOS. How do I close?

--
Peeter Pirn - peeter@rhubarb.fwi.com

[Attachment: fw]

In the rules below, I have taken my `allow' firewall rules that allow
Samba to run on my internal network and changed them to `deny'. This
should block some, if not all, NETBIOS packets. Note that the first
rule applies to incoming packets for the broadcast address, not the
address of the interface.

#
# Deny NETBIOS from internal network. Will block Samba communications.
#
/sbin/ipfw add 30100 deny log udp from 10.0.0.0/24 137 to 10.0.0.255 137 via 10.0.0.254
/sbin/ipfw add 30110 deny log udp from 10.0.0.254 137 to 10.0.0.1/24 137 via 10.0.0.254
/sbin/ipfw add 30200 deny log udp from 10.0.0.254 138 to 10.0.0.0/24 138 via 10.0.0.254
/sbin/ipfw add 30300 deny log tcp from 10.0.0.1/24 to 10.0.0.254 139 via 10.0.0.254
/sbin/ipfw add 30310 deny log tcp from 10.0.0.254 139 to 10.0.0.1/24 via 10.0.0.254
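
The following is an added example, not part of the original message: a small first-match lookup over the five rules above, showing which rule (if any) a given packet would hit, including the broadcast-versus-interface distinction the message notes. The function name first_match and the sample packets (10.0.0.5, source port 1025) are constructed; only the rule syntax used above is parsed, and `via` is ignored on the assumption that the packet crosses that interface.

```shell
#!/bin/sh
# Added example: first-match lookup over the five rules from the message.
# Only the syntax those rules use is handled; "via" is ignored (the packet is
# assumed to cross that interface). Sample packets below are constructed.

RULES='30100 deny log udp from 10.0.0.0/24 137 to 10.0.0.255 137 via 10.0.0.254
30110 deny log udp from 10.0.0.254 137 to 10.0.0.1/24 137 via 10.0.0.254
30200 deny log udp from 10.0.0.254 138 to 10.0.0.0/24 138 via 10.0.0.254
30300 deny log tcp from 10.0.0.1/24 to 10.0.0.254 139 via 10.0.0.254
30310 deny log tcp from 10.0.0.254 139 to 10.0.0.1/24 via 10.0.0.254'

# first_match PROTO SRC SPORT DST DPORT -> "<rule> <action>" or "none"
first_match() {
  printf '%s\n' "$RULES" | awk -v proto="$1" -v src="$2" -v sport="$3" \
                               -v dst="$4" -v dport="$5" '
    function ip2n(a,  p) { split(a, p, "."); return ((p[1]*256+p[2])*256+p[3])*256+p[4] }
    # addr_ok: does address ip fall inside spec ("any", host, or net/len)?
    function addr_ok(spec, ip,  s, len, d) {
      if (spec == "any") return 1
      len = (split(spec, s, "/") == 2) ? s[2] : 32
      d = 2 ^ (32 - len)
      return int(ip2n(s[1]) / d) == int(ip2n(ip) / d)
    }
    # port_ok: an absent port in the rule matches every port
    function port_ok(spec, port) { return spec == "" || spec == port }
    {
      i = 3
      if ($i == "log") i++
      rproto = $i; rsrc = $(i+2); i += 3
      rsport = ""; if ($i != "to") { rsport = $i; i++ }
      rdst = $(i+1); i += 2
      rdport = ""; if ($i ~ /^[0-9]+$/) rdport = $i
      if ((rproto == proto || rproto == "ip" || rproto == "all") &&
          addr_ok(rsrc, src) && port_ok(rsport, sport) &&
          addr_ok(rdst, dst) && port_ok(rdport, dport)) {
        print $1, $2; found = 1; exit
      }
    }
    END { if (!found) print "none" }'
}

first_match udp 10.0.0.5 137 10.0.0.255 137   # name service, broadcast address
first_match udp 10.0.0.5 137 10.0.0.254 137   # name service, interface address
first_match tcp 10.0.0.5 1025 10.0.0.254 139  # session service on the interface
```

A result of "none" means the packet falls through these five rules to whatever follows them in the ruleset, so the outcome for that packet depends on the later rules and the default rule.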