Re: [fw-wiz] RE: Help w/ Port 137 Traffic
From: Luca Berra (bluca@comedia.it)
Date: 10/14/02
From: Luca Berra <bluca@comedia.it>
To: firewall-wizards@honor.icsalabs.com
Date: Mon Oct 14 08:12:15 2002

On Sun, Oct 13, 2002 at 02:40:59PM -0400, R. DuFresne wrote:
>
>
>depending upon the kind of Windows OSes behind your firewall, you might
>wish to add 135-139, tcp and udp, as well as 445, and 1433,1434. Of course

if you really want to block outgoing traffic from workstations, put a
proxy in the middle....

>> I have to add one clarification to the scenario and apologize for not
>> including this up front: could running Samba (as a master browser/file
>> server - not domain controller) be the source of the problem? Are there
>> some outbound ports I should be blocking when (I assume) Samba announces
>> itself periodically as the master browser?
samba announces itself periodically on the broadcast address of all
connected interfaces and to addresses specified with the 'remote
announce' smb.conf parameter.
I don't believe samba uses netbios-ns lookups to resolve remote hosts
connecting, but anyway no one should be connecting to your samba server
from outside.
as a last note i am also getting many probes on port 137 and 139, but
they seem unrelated, i might try answering netbios-ns lookups and see
what happens, if i find a smaller beast than samba to use, that is.
L.
--
Luca Berra -- bluca@comedia.it
        Communication Media & Services S.r.l.
 /"\
 \ /     ASCII RIBBON CAMPAIGN
  X        AGAINST HTML MAIL
 / \
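
An added example, not part of the original post: a small audit that lists the 'remote announce' targets in an smb.conf that fall outside the subnets named in 'interfaces', i.e. the announcements that would have to leave the local networks. The sample configuration is constructed; as an assumption, interface names such as eth0 are skipped because resolving them needs the running host, and with no usable 'interfaces' entry every target is reported.

```python
import ipaddress

# Constructed sample smb.conf for illustration (not from the original post).
SAMPLE_SMB_CONF = """\
[global]
   workgroup = OFFICE
   interfaces = 192.168.1.10/24 10.0.0.5/255.255.255.0
   ; announce to another site as well
   remote announce = 192.168.1.255/OFFICE \\
                     203.0.113.255/BRANCH 10.0.0.255
"""

def global_params(text):
    """Return the [global] parameters of an smb.conf as a dict."""
    params, section, pending = {}, "global", ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):            # smb.conf line continuation
            pending = line[:-1].rstrip() + " "
            continue
        if not line or line[0] in "#;":    # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line and section == "global":
            key, value = line.split("=", 1)
            # Samba ignores case and whitespace in parameter names.
            params["".join(key.lower().split())] = value.strip()
    return params

def offsite_announces(text):
    """List 'remote announce' targets outside every 'interfaces' subnet."""
    params = global_params(text)
    nets = []
    for item in params.get("interfaces", "").split():
        try:
            nets.append(ipaddress.ip_network(item, strict=False))
        except ValueError:
            pass  # assumption: interface names (eth0, ...) are skipped
    flagged = []
    for target in params.get("remoteannounce", "").split():
        addr = ipaddress.ip_address(target.split("/", 1)[0])  # drop /WORKGROUP
        if not any(addr in net for net in nets):
            flagged.append(target)
    return flagged

if __name__ == "__main__":
    print(offsite_announces(SAMPLE_SMB_CONF))
```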