Netbios port 139
Michael H. Warfield
mhw at wittsend.com
Wed Feb 9 16:18:14 GMT 2000
On Thu, Feb 10, 2000 at 03:09:24AM +1100, Diego Cimarosa wrote:
> On http://grc.com/default.htm
> I've found some bad news on the above service.
> It's true that if your windows network expose shared resources AND it is
> connect to Internet it can be bombed
> by hacker's attacks ?
> If yes, how to prevent it thru Linux-Samba ?
Very simply... Put a Linux firewall between you and the big bad
internet and block all inbound and outbound traffic UDP and TCP for
ports from 135-139 and thrown 445 in for good measure. You can run
Samba on that box if you like and let the firewall protect it or configure
it to only bind to the inside interface. You can configure the box to be
a NAT (Masquerading) box if you are short on IP addresses and want to
map a bunch of system out to the outside.
Mike
--
Michael H. Warfield | (770) 985-6132 | mhw at WittsEnd.com
(The Mad Wizard) | (770) 331-2437 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
More information about the samba
mailing list