Date: Wed, 03 Nov 1999 01:41:38 -0800
From: "Ronald F. Guilmette" <rfg@monkeys.com>
To: freebsd-questions@freebsd.org
Subject: ipfw and firewall questions - getting some strange packets
Message-ID: <10193.941622098@segfault.monkeys.com>

I recently configured and installed a fresh FreeBSD 3.3 kernel (with
the firewalling stuff enabled) on one system I own, and I've been
slowly tuning my firewall rule set for this box so that I won't
be getting lots and lots of log messages about unimportant and/or
unsuspicious events.

I started from the "simple" firewall rule set in the /etc/rc.firewall
file, but I've made a number of adjustments for stuff that I know
is coming from trusted outside hosts.

Still, I'm getting a fair number of log messages about denied packets...
perhaps 100 a day.

Most of these seem to fall into two categories:

1) TCP Packets that are marked as `fragments'.
2) UDP Packets coming from all sorts of different hosts and that are
   directed to my port 137.

Should I be concerned about either of these categories of strange stuff?
Or should I be allowing them thru the firewall? Or should I perhaps just
be silently discarding them without making syslog entries for them?

If these things are entirely benign, then I'll just open holes in the
firewall for them. But I don't even understand what they are.

Is it OK to allow TCP packet `fragments' thru?

What exactly is the `netbios-ns' service (UDP & TCP port 137), and why are
so many people trying to query mine, even though I don't have one, and
have never had one (at least as far as I know)? Are these queries signs
of nefarious and/or unsavory activities on the part of the senders? Or
is this just one more symptom of Microsoft-induced brain damage?
