From owner-freebsd-security Tue Jun 13 9:49:13 2000 Delivered-To: freebsd-security@freebsd.org Received: from mail.rdc1.sdca.home.com (ha1.rdc1.sdca.home.com [24.0.3.66]) by hub.freebsd.org (Postfix) with ESMTP id 9F48437B8F4 for ; Tue, 13 Jun 2000 09:49:08 -0700 (PDT) (envelope-from larry@interactivate.com) Received: from interactivate.com ([24.15.133.36]) by mail.rdc1.sdca.home.com (InterMail vM.4.01.02.00 201-229-116) with ESMTP id <20000613164908.MCFL28251.mail.rdc1.sdca.home.com@interactivate.com>; Tue, 13 Jun 2000 09:49:08 -0700 Message-ID: <39466731.3C2890C@interactivate.com> Date: Tue, 13 Jun 2000 09:54:09 -0700 From: Lawrence Sica Organization: Interactivate, Inc X-Mailer: Mozilla 4.73 [en] (Win98; I) X-Accept-Language: en MIME-Version: 1.0 To: George.Giles@mcmail.vanderbilt.edu Cc: freebsd-security@FreeBSD.ORG Subject: Re: netbios References: <862568FD.0046A112.00@MCSMTP.MC.VANDERBILT.EDU> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org George.Giles@mcmail.vanderbilt.edu wrote: > > I have closed all ports except 21, 22 using ipfw. I find on scanning a port 139 > open called NETBIOS. How do I close? > > Please advise, > well if you closed the ithers then do it the same way. you'll want to close ports 137-139 though. ipfw add deny tcp from any to 137-139 That is a quick simple way to do it. You should also man ipfw for all the information on ipfw though. Are there windows machines connecting to that box? If so it is most likely that, otherwise it may be someone looking for windows boxes. --Larry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message