Re: [SLUG] scans

From: Matt Miller (mmiller1@mptotalcare.com)
Date: Fri Dec 13 2002 - 10:08:26 EST

Next message: Ian C. Blenke: "Re: [SLUG] scans"
Previous message: Mikes work account: "RE: [SLUG] Linux Classes"
In reply to: Todd Robinson: "Re: [SLUG] scans"
Next in thread: Ian C. Blenke: "Re: [SLUG] scans"
Reply: Ian C. Blenke: "Re: [SLUG] scans"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

On Fri, 2002-12-13 at 09:05, Todd Robinson wrote:
>
> > This would drop most of it:
> >
> > iptables -A INPUT -i eth(x) -p tcp --dport 137:139 -j DROP
>
> Thanks, need another one for the udp traffic. Also not sure if you need
> to do another set for source ports. I hadn't thought of consolodating
> the rules yet, just been adding new ones as I saw them in the logs...

You are absolutely correct. That was a snafu on my part.
You could use two rules:
iptables -A INPUT -i eth(x) -p tcp --dport 137:139 -j DROP
iptables -A INPUT -i eth(x) -p udp --dport 137:139 -j DROP

-- 
Matt Miller
Systems Administrator
MP TotalCare
gpg public key id: 
08BC7B06
-- An improperly trained Samurai dies quickly.

application/pgp-signature attachment: This is a digitally signed message part

Next message: Ian C. Blenke: "Re: [SLUG] scans"
Previous message: Mikes work account: "RE: [SLUG] Linux Classes"
In reply to: Todd Robinson: "Re: [SLUG] scans"
Next in thread: Ian C. Blenke: "Re: [SLUG] scans"
Reply: Ian C. Blenke: "Re: [SLUG] scans"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 19:13:43 EDT