Date: Wed, 10 Nov 1999 12:10:29 +0300
From: Vladimir Dubrovin
Organization: Sandy Info
Message-ID: <13507.991110@sandy.ru>
To: Giorgos Keramidas
Cc: freebsd-security@freebsd.org
Subject: Re[2]: Port 137 hitting my server
In-Reply-To: <86u2mvgrll.fsf@localhost.hell.gr>
References: <86u2mvgrll.fsf@localhost.hell.gr>

Hello Giorgos Keramidas,

10.11.99 2:41, you wrote: Port 137 hitting my server;

G> Larry Sica writes:

>> actually the only thing I'd want to do is get rid of the annoying log
>> messages. How could I tell syslog not to log that particular things (this
>> is veering off topic now I think)

G> I am assuming that you're using ipfw here, and that you have a rule
G> looking something like:

G>         0600 deny log from any to any 137 via if0

If you're so scared about UDP 137, use something like

        0600 unreach port udp from any 137 to any 137 ...
        0610 deny log udp from any to any 137 ...

It's better to use unreach instead of deny, since some servers (not all)
will wait for name resolution before sending data, and "deny" will slow
down your browsing, because the server will wait until timeout.

NetBIOS always uses 137 as both source and destination ports; if the
source port is different from 137, then someone is trying to fingertip
your network.

G> or close to this.  Remove the 'log' keyword and you're done with
G> logging of these packets.

+=-=-=-=-=-=-=-=-=+
|Vladimir Dubrovin|
| Sandy Info, ISP |
+=-=-=-=-=-=-=-=-=+
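Added example (not part of the original message or of FreeBSD): a small triage script that applies the source-port heuristic from the message above to log lines written by a `deny log` rule, separating UDP/137 hits that look like ordinary NetBIOS name queries (source port 137) from those the message would treat as probing. The syslog line layout, the interface name and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed ipfw syslog layout:
#   "... ipfw: <rule> <Action> UDP <src>:<sport> <dst>:<dport> in via <if>"
LOG_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) UDP "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+)"
)
NBNS_PORT = 137  # NetBIOS name service


def classify(line):
    """Return (src_ip, verdict) for a logged UDP/137 hit, else None."""
    m = LOG_RE.search(line)
    if not m or int(m["dport"]) != NBNS_PORT:
        return None  # not UDP, not port 137, or not an ipfw line
    # Heuristic from the message: 137 -> 137 is a normal name query,
    # any other source port is treated as suspect.
    if int(m["sport"]) == NBNS_PORT:
        return m["src"], "netbios-name-query"
    return m["src"], "probe-suspect"


def summarize(lines):
    """Count hits per (source address, verdict)."""
    hits = Counter()
    for line in lines:
        result = classify(line)
        if result is not None:
            hits[result] += 1
    return hits


# Constructed sample lines using documentation address ranges.
SAMPLE = [
    "Nov 10 02:41:07 gw /kernel: ipfw: 600 Deny UDP 192.0.2.15:137 198.51.100.7:137 in via if0",
    "Nov 10 02:41:09 gw /kernel: ipfw: 600 Deny UDP 192.0.2.15:137 198.51.100.7:137 in via if0",
    "Nov 10 02:43:55 gw /kernel: ipfw: 600 Deny UDP 203.0.113.9:31337 198.51.100.7:137 in via if0",
    "Nov 10 02:44:01 gw /kernel: ipfw: 600 Deny TCP 203.0.113.9:4021 198.51.100.7:139 in via if0",
    "Nov 10 02:44:30 gw /kernel: ipfw: 600 Deny UDP 192.0.2.20:1030 198.51.100.7:53 in via if0",
]

if __name__ == "__main__":
    for (src, verdict), count in sorted(summarize(SAMPLE).items()):
        print(f"{src:15} {verdict:20} {count}")
```

With the two-rule set from the message in place, only the second kind of hit would still reach the log, since the `unreach port` rule matches 137-to-137 traffic first and carries no `log` keyword.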