Re: [SLUG] scans

From: Todd Robinson (mtrob@penguix.com)
Date: Fri Dec 13 2002 - 18:33:21 EST


On Fri, 2002-12-13 at 10:52, Ian C. Blenke wrote:

>
> iptables -A INPUT -i eth(x) -p tcp -m multiport --dports 135,137:139,445 -j DROP
> iptables -A INPUT -i eth(x) -p udp -m multiport --dports 135,137:139,445 -j DROP
>
> The proto/port combos you *really* need to worry about are:
>
> TCP 135 - Microsoft DCE RPC
> UDP 137 - NetBIOS name lookups
> UDP 138 - NetBIOS datagram (\\MAILSLOT browse, network neighborhood)
> TCP 139 - NetBIOS session (SMB over NetBIOS)
> TCP 445 - SMB native (no NetBIOS)
>
> Then there are the other ports, like PPTP, NetMeeting (H.323), and other
> miscellaneous listeners that make a Microsoft box a true piece of swiss
> cheese.

Might as well add 1433 to the tcp rule and 1434 to the udp one (M$
sql)((at least I get a lot of traffic for that)).

-- 
Todd Robinson <mtrob@penguix.com>
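
To see which of the ports named in this thread actually draw scan traffic, the following added example (not part of either poster's message) tallies iptables LOG lines by protocol and destination port. It assumes packets are logged with the LOG target before being dropped; the log lines are constructed samples and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: count logged packets per Microsoft service port from this thread.

# Constructed sample kernel log lines (documentation addresses, not real traffic).
sample_log() {
cat <<'EOF'
Dec 13 10:52:01 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=48 TTL=113 PROTO=TCP SPT=3345 DPT=445 SYN
Dec 13 10:52:03 fw kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 LEN=404 TTL=110 PROTO=UDP SPT=1050 DPT=1434 LEN=384
Dec 13 10:52:09 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=48 TTL=113 PROTO=TCP SPT=3346 DPT=445 SYN
Dec 13 10:53:11 fw kernel: IN=eth0 OUT= SRC=203.0.113.44 DST=192.0.2.10 LEN=78 TTL=108 PROTO=UDP SPT=1027 DPT=137 LEN=58
Dec 13 10:53:40 fw kernel: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40112 DPT=80 SYN
Dec 13 10:54:02 fw kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 LEN=404 TTL=110 PROTO=UDP SPT=1051 DPT=1434 LEN=384
Dec 13 10:54:30 fw kernel: IN=eth0 OUT= SRC=203.0.113.80 DST=192.0.2.10 LEN=404 TTL=111 PROTO=UDP SPT=2200 DPT=1434 LEN=384
Dec 13 10:55:17 fw kernel: IN=eth0 OUT= SRC=203.0.113.44 DST=192.0.2.10 LEN=48 TTL=108 PROTO=TCP SPT=4410 DPT=135 SYN
Dec 13 10:55:20 fw kernel: IN=eth0 OUT= SRC=203.0.113.44 DST=192.0.2.10 LEN=84 TTL=108 PROTO=ICMP TYPE=8 CODE=0
EOF
}

# Read iptables LOG lines on stdin; print "count PROTO/PORT service",
# highest count first. Only the proto/port combos named in the thread count.
tally_ms_ports() {
  awk '
    BEGIN {
      svc["TCP/135"]  = "DCE RPC"
      svc["UDP/137"]  = "NetBIOS name"
      svc["UDP/138"]  = "NetBIOS datagram"
      svc["TCP/139"]  = "NetBIOS session"
      svc["TCP/445"]  = "SMB native"
      svc["TCP/1433"] = "MS SQL"
      svc["UDP/1434"] = "MS SQL"
    }
    {
      proto = ""; dpt = ""            # reset per line; ICMP lines carry no DPT
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^PROTO=/)    proto = substr($i, 7)
        else if ($i ~ /^DPT=/) dpt   = substr($i, 5)
      }
      key = proto "/" dpt
      if (key in svc) count[key]++
    }
    END {
      for (k in count) printf "%d %s %s\n", count[k], k, svc[k]
    }' | LC_ALL=C sort -k1,1nr -k2,2
}

sample_log | tally_ms_ports
```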



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 19:17:11 EDT