From owner-freebsd-ipfw Sat Jan 15 18:48:17 2000
Message-Id: <4.1.20000116034031.00c41170@mail.rz.fh-wilhelmshaven.de>
Date: Sun, 16 Jan 2000 03:45:47 +0100
To: Richard Martin
From: Olaf Hoyer
Subject: Re: Simple router with basic firewall functionalioties
Cc: freebsd-ipfw@FreeBSD.ORG
In-Reply-To: <38812B16.6431C8FE@origen.com>
References: <200001160119.UAA53469@cc942873-a.ewndsr1.nj.home.com>

>> > I also thought about a SAMBA server, to ensure compatibility to exchange
>> > data with the M$ machines running here. Any security issues?
>>
>> If you run Samba servers, yes. But...
>
>It would be a VERY good idea to block any samba traffic directed in from the
>Internet. From my firewall logs, the top three types of probes we get are:

Hi!

Network topology as follows:

Internet---University--students' home gateway (Linux)---my PC

Students' home has a complete public class B IP range.
Due to having a peer-to-peer chaotic network, mostly M$ based, we also use
the normal SMB based directory services to transfer some files.

>
>Samba is a very chatty protocol which will propagate to the edge of the
>Internet if allowed. Let a broadcast get out and you can expect to receive a
>friendly reply...
>
>Be sure the other services are turned off if you do not specifically need
>them.

Yes, for sure..

>> > Is it also possible to Send/receive the "messaging service" of NT,
>> > respective the "Popups"?
>
>Do you mean the AOL messenger service? I think that comes in as POP traffic.
>Just 'allow' traffic on that port thru from the Internet.

No, I mean the normal SMB based messages, like introduced already in LAN
Manager, for in-house communication via the NetBEUI/NetBIOS protocol
(non-routable, broadcast).
In Win95/NT there is the telephony/popup program, we use the Realpopup
instead...

Regards
Olaf Hoyer
--------
Olaf Hoyer     www.nightfire.de     mailto:Olaf.Hoyer@nightfire.de
FreeBSD- The power to serve     ICQ:22838075
Love and hate are not blind, but dazzled by the fire they carry within
themselves. (Nietzsche)
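
The advice quoted in this message, to block Samba traffic coming in from the Internet and to keep broadcasts from getting out, could look like this as ipfw rules. This is an added example, not part of the original message; the interface name ed0, the rule numbers and the port list (NetBIOS 137-139, plus 445 for direct-hosted SMB) are assumptions, since the thread names no ports.

```shell
#!/bin/sh
# Added example: print ipfw rules that keep NetBIOS/SMB off the outside
# interface. Nothing is executed here; review the output first, then pipe it
# to sh on the FreeBSD gateway.

# 137 = NetBIOS name service, 138 = datagram service, 139 = session service,
# 445 = direct-hosted SMB (Windows 2000 and later). Assumed port list.
SMB_TCP_PORTS="137-139,445"
SMB_UDP_PORTS="137-139"

smb_block_rules() {
    oif=$1   # outside (Internet-facing) interface, e.g. ed0 (assumed name)
    num=$2   # first rule number to use (assumed numbering)

    # The output is meant to be fed to a shell, so accept only a plain
    # interface name and a plain number.
    case $oif in
        ''|*[!A-Za-z0-9_]*) echo "bad interface: $oif" >&2; return 1 ;;
    esac
    case $num in
        ''|*[!0-9]*) echo "bad rule number: $num" >&2; return 1 ;;
    esac

    # "in" stops probes arriving from the Internet; "out" stops LAN
    # broadcasts and name queries from leaking past the gateway.
    for dir in in out; do
        for proto in tcp udp; do
            if [ "$proto" = tcp ]; then
                ports=$SMB_TCP_PORTS
            else
                ports=$SMB_UDP_PORTS
            fi
            echo "ipfw add $num deny log $proto from any to any $ports $dir via $oif"
            num=$((num + 10))
        done
    done
}

# Show the rules for the assumed interface and starting rule number.
smb_block_rules ed0 1000
```

The rules must be numbered below any general `allow` rule for the outside interface, because ipfw stops at the first match.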