Date:      Wed, 4 Apr 2001 03:16:39 +0200
From:      "Wolfram Kraushaar" <wk@xtweb.de>
To:        "David Preece" <davep@afterswish.com>, <freebsd-questions@FreeBSD.ORG>
Subject:   RE: Hacked?
Message-ID:  <LNBBJNIAAJDGIECKKHHEEEACCLAA.wk@xtweb.de>
In-Reply-To: <5.0.2.1.1.20010404120017.02239310@pop3.paradise.net.nz>


> Now, I've had a FreeBSD machine permanently on acting as a firewall

As you state later, you do no filtering - so you cannot say you do
firewalling, but only NAT.

> We certainly have a shitload of traffic emanating from my machine, and
> it looks like it is concerned with netbios naming??? Maybe this would
> imply it's my windows box that has been compromised and someone is
> running around the network on the private side?

Samba isn't installed on your BSD box, is it?
If it isn't, you could pull the cable of your internal windoze box and 
look if the light keeps blinking ;-)

I would suggest adding IPFilter to your kernel and then having a look at
http://www.obfuscation.org/ipf/ on how to set up a firewall.

The relevant ports for NetBIOS are 137-139 (nbname, nbsession,
nbdatagram), so you should at least filter them on the external
interface.

For security issues I would suggest reading the online and mail resources
of securityfocus.com and cert.org; other resources are mentioned
on http://www.cert.org/nav/other_sources.html

so long,

Wolfram
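
The filtering suggested in the message above, as an added example that is not part of the original e-mail: an IPFilter rule fragment that blocks NetBIOS ports 137-139 in both directions on the external interface. The interface name ed0 and the file location /etc/ipf.conf are assumptions; substitute your own.

```conf
# /etc/ipf.conf fragment (added example; "ed0" is an assumed external interface)
#
# "port 136 >< 140" is IPFilter's exclusive range match: ports 137, 138, 139.
# "quick" stops rule processing at the first match; "log" records the packet
# so that ipmon can show which host is generating the traffic.

# Drop NetBIOS traffic arriving from the outside.
block in  log quick on ed0 proto tcp/udp from any to any port 136 >< 140

# Keep NetBIOS traffic from internal hosts from leaving via the external side.
block out log quick on ed0 proto tcp/udp from any to any port 136 >< 140
```

With logging enabled, the source addresses in the ipmon output show whether the NetBIOS traffic originates from the internal Windows machine or from the FreeBSD box itself.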









