Re: Port 135 Probes Continue
From: Bit Twister (BitTwister_at_localhost.localdomain)
Date: 12/18/03
- Previous message: NeoSadist: "Re: Port 135 Probes Continue"
- In reply to: NeoSadist: "Re: Port 135 Probes Continue"
- Next in thread: Ilari Liusvaara: "Re: Port 135 Probes Continue"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 18 Dec 2003 05:25:51 GMT
On Wed, 17 Dec 2003 22:02:04 -0700, NeoSadist wrote:
> Bit Twister wrote:
>
>> On Tue, 16 Dec 2003 21:47:51 -0700, Felix Tilley wrote:
>>> Back in October, I got probed every 6 or 7 minutes on port 135. Now look
>>> at this mess. It is less than a minute on average. Things are getting
>>> worse, not better.
>>
>>
>> See what virus is hot http://www.dshield.org/
>> click other in map for others
>>
>> Just add a rule to your firewall to not log and drop the packets
>> ${IPTABLES} -A INPUT -i ${DHCP_IFACES} -p udp --dport 135 -j
>> ${REJECT_METHOD}
>
> Yeah, for any LAN without windows machines, that port could be blocked on
> every single computer. For internet, there should be no 135-139/445 port
> packets coming in, period, so those can be blocked. For local side (LAN),
> if there are windows computers, one can allow those on LAN side only, but
> still unless the Linux machine is running Samba and that service is
> actually being used, I say block those implicitly. I don't know why the
> routers on the internet don't just drop those packets, since they're a
> dangerous windows security vulnerability...
Maybe the routers with the windows OS need the port. :(
It would be better if the ISPs would notify the customer to get the
box patched.
- Previous message: NeoSadist: "Re: Port 135 Probes Continue"
- In reply to: NeoSadist: "Re: Port 135 Probes Continue"
- Next in thread: Ilari Liusvaara: "Re: Port 135 Probes Continue"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
