Netbios port 139
Giulio Orsero
giulioo at pobox.com
Wed Feb 9 16:47:07 GMT 2000
On Thu, 10 Feb 2000 03:09:48 +1100, hai scritto:
>On http://grc.com/default.htm
>I've found some bad news on the above service.
>It's true that if your windows network expose shared resources AND it is
>connect to Internet it can be bombed
>by hacker's attacks ?
>If yes, how to prevent it thru Linux-Samba ?
If your samba box is on the same server which connects to the internet
then these are examples to block inbound SYN netbios packets.
kernel 2.0.x
# NetBIOS
$ipfwadm -I -a reject -S $any -D $masq_ip/32 137:139 -W $masq_dev -y -P
tcp -o
$ipfwadm -I -a reject -S $any -D $masq_ip/32 137:139 -W $masq_dev -y -P
udp -o
kernel 2.2.x
# NetBIOS
$ipchains -A input -s $any -d $any 137:139 -i $masq_dev -p TCP -l -j
REJECT
$ipchains -A input -s $any -d $any 137:139 -i $masq_dev -p UDP -l -j
REJECT
grc.com will report your netbios ports as "stealth".
--
giulioo at pobox.com
More information about the samba
mailing list