Re: netbios-ssn
From: Nick Thompson (nthompso@cae.wisc.edu)
Date: 12/19/02
From: "Nick Thompson" <nthompso@cae.wisc.edu>
To: <security-discuss@linuxsecurity.com>
Date: Thu, 19 Dec 2002 08:31:10 -0500

For all those trying to set up iptables, check out a firewall script setup
called "pmfirewall" (http://www.pointman.org/PMFirewall/). Although
pmfirewall is set up to use ipchains (which is sufficient for what all of you
are asking), the rules it sets up are specifically geared for those of you
(and myself) running an internal network with dhcp, samba, web server, etc.
but want to block anything from outside (including netbios "snooping").

The script lets you specifically allow certain IP addresses (i.e. time servers
sending udp packets) to come in, and variable levels of logging.

Install pmfirewall, run the install script which will prompt you for several
questions about your network, which adapters are internal & external, and
what services you want to allow. Then it generates its own scripts which
you can modify afterwards. It even sets itself up in the init scripts
directory to start automatically at bootup if desired. Very easy to
understand the resulting scripts and they're commented very very well.

I'm even using IPsec behind my firewall to tunnel outside to my office VPN.
Works great (with a little tweaking of the pmfirewall scripts).

----- Original Message -----
From: "paras" <paras@bajranet.com.np>
To: <security-discuss@linuxsecurity.com>
Sent: Thursday, December 19, 2002 7:44 AM
Subject: netbios-ssn
> hi all
>
> I have samba server running as a domain controller for my company.
> Now I want this server to be secure. How do I make DROP or DENY to outside
> world and allow for my internal users? I did as:
>
> iptables -A INPUT -s 198.168.2.0 -p tcp --destination-port 139 -j ACCEPT
> iptables -A INPUT -s 0.0.0.0 -p tcp --destination-port 139 -j DROP
> iptables -A INPUT -s 198.168.2.0 -p udp --destination-port 139 -j ACCEPT
> iptables -A INPUT -s 0.0.0.0 -p udp --destination-port 139 -j DROP
>
>
> where 192.168.2.0 is my internal network.
>
>
> I am not sure whether this is working or not. How can I test this? Is there
> any better way to be more secure to this port netbios-ssn?
>
>
> Thanks
> Paras.
> ------------------------------------------------------------------------
> To unsubscribe email security-discuss-request@linuxsecurity.com
> with "unsubscribe" in the subject of the message.
>
>
>
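
An offline check of the four rules quoted above, added here as an example (not code from either poster or from pmfirewall): it models iptables first-match evaluation, in which a bare `-s` address means a single host (/32), and compares the posted rules with a revised set. The /24 mask, the default ACCEPT policy on INPUT, the UDP 137/138 NetBIOS ports and the probe addresses are assumptions or constructed values.

```python
import ipaddress

# The four rules from the question: (source, protocol, dest port, target).
POSTED = [
    ("198.168.2.0", "tcp", 139, "ACCEPT"),
    ("0.0.0.0", "tcp", 139, "DROP"),
    ("198.168.2.0", "udp", 139, "ACCEPT"),
    ("0.0.0.0", "udp", 139, "DROP"),
]
# Revised set (assumptions: the internal network is 192.168.2.0/24, and the
# UDP side of NetBIOS is 137 name service / 138 datagram, not 139).
LAN, ANY = "192.168.2.0/24", "0.0.0.0/0"
REVISED = [
    (LAN, "tcp", 139, "ACCEPT"), (ANY, "tcp", 139, "DROP"),
    (LAN, "udp", 137, "ACCEPT"), (ANY, "udp", 137, "DROP"),
    (LAN, "udp", 138, "ACCEPT"), (ANY, "udp", 138, "DROP"),
]

def source_net(spec):
    """A bare -s address is one host (/32); only an explicit mask widens it."""
    return ipaddress.ip_network(spec if "/" in spec else spec + "/32")

def verdict(rules, src, proto, dport, policy="ACCEPT"):
    """First matching rule wins; otherwise the chain policy applies.
    policy="ACCEPT" assumes an INPUT chain left at its default."""
    addr = ipaddress.ip_address(src)
    for rule_src, rule_proto, rule_port, target in rules:
        if (proto, dport) == (rule_proto, rule_port) and addr in source_net(rule_src):
            return target
    return "policy " + policy

def as_commands(rules):
    """Render a rule list in the command form used in the question."""
    return ["iptables -A INPUT -s %s -p %s --destination-port %d -j %s" % r
            for r in rules]

if __name__ == "__main__":
    # Constructed probes: one LAN client, one outside host (documentation range).
    for src in ("192.168.2.10", "203.0.113.7"):
        for name, rules in (("posted", POSTED), ("revised", REVISED)):
            print(src, name, verdict(rules, src, "tcp", 139))
    print("\n".join(as_commands(REVISED)))
```

On the firewall itself, `iptables -L INPUT -n -v` lists each rule with its packet counter, which shows whether a connection attempt actually hit the rule it was expected to.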