
Re: [cobalt-security] IPChains question



Hi Carrie,

> I've decided I'm tired of seeing all of these port 137 connections
> from idiots thinking I run a Linux box, and I just want to block
> anything from coming in to that port.

Yes, good call!

I'd recommend DENYing 137 thru 139; all Wintendo type of stuff:
"--destination-port 137:139"

> My question is, how do I stop ALL incoming packets on 137, not just
> from one IP?

Instead of "192.168.0.1" say "0/0". I believe this even blocks localhost.

I'm still searching for an update of my favorite ipchains script(s)
(langistix.com, anyone?). I have an older version I use on masquerading
machines, which I would of course be glad to send you off list if you like.
It's three great starter scripts, actually.

Good luck blocking... Nico
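
The rules the reply describes, written out in full as an added example that is not part of the original post. It assumes the built-in `input` chain and an Internet-facing interface named `eth0` (both assumptions). It binds the rules to that interface so loopback traffic is not matched, and only prints the rules unless `APPLY=1` is set.

```shell
#!/bin/sh
# Added example (not from the original post): build ipchains rules that DENY
# inbound NetBIOS traffic (destination ports 137-139) from any source address.

EXT_IF="${EXT_IF:-eth0}"   # assumed name of the Internet-facing interface

# Print one rule per protocol. The NetBIOS name and datagram services use UDP
# and the session service uses TCP, so the range is denied on both.
netbios_rules() {
    iface="$1"
    for proto in tcp udp; do
        # -s 0/0  matches every source address instead of a single IP
        # -i      limits the rule to one interface, leaving loopback alone
        # -l      logs matching packets so the probes stay visible
        echo "ipchains -A input -i $iface -p $proto -s 0/0 --destination-port 137:139 -j DENY -l"
    done
}

# Dry run by default: show the rules. Set APPLY=1 (as root, on a host that
# still has ipchains) to load them.
if [ "${APPLY:-0}" = "1" ]; then
    netbios_rules "$EXT_IF" | while read -r rule; do $rule; done
else
    netbios_rules "$EXT_IF"
fi
```

After loading, `ipchains -L input -n` lists the chain so the two DENY entries can be checked.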