Re: [cobalt-security] Why does PortSentry continue to log ports 137 and 138 even though I've told it not to?
- Subject: Re: [cobalt-security] Why does PortSentry continue to log ports 137 and 138 even though I've told it not to?
- From: "Dan" <daniel@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 1 May 2001 17:32:34 +0100
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
> If you really want to ignore the samba packets you might want to use these
> rules... (To get them on, you'll have to disable the UK2 firewall script, or
> whatever rule is causing the log entries to be made)
>
> ipchains -A input -s <IP of the broadcasting raq>/255.255.255.255 -d 0.0.0.0/0.0.0.0 137:137 -p tcp -j DENY
> ipchains -A input -s <IP of the broadcasting raq>/255.255.255.255 -d 0.0.0.0/0.0.0.0 137:137 -p udp -j DENY
> ipchains -A input -s <IP of the broadcasting raq>/255.255.255.255 -d 0.0.0.0/0.0.0.0 137:138 -p tcp -j DENY
> ipchains -A input -s <IP of the broadcasting raq>/255.255.255.255 -d 0.0.0.0/0.0.0.0 137:138 -p udp -j DENY
> ipchains -A input -s <IP of the broadcasting raq>/255.255.255.255 -d 0.0.0.0/0.0.0.0 137:139 -p tcp -j DENY
> ipchains -A input -s <IP of the broadcasting raq>/255.255.255.255 -d 0.0.0.0/0.0.0.0 137:139 -p udp -j DENY
>
> OR if you want to block all samba protocol to your machine instead of a raq
> number ... try using "0.0.0.0/0.0.0.0" instead of the ip/255.255.255.255
>
> There's no "-l" in those lines so they will be denied before they get to the
> rule that is causing the log entries currently
>
Thanks Bryan, I'll give that a go as it's different to what I've already
done! I don't use Samba so there's no need for me to use those ports for any
reason.
Dan
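
Added example, not part of the original thread: a small Python model of first-match evaluation in an ipchains-style input chain, showing why the quiet DENY rules only stop the log entries when they are evaluated before the rule that carries `-l`. The addresses, the catch-all logging rule and all function names are constructed assumptions, not the poster's firewall script.

```python
from ipaddress import ip_address, ip_network

def rule(src, proto, ports, target, log=False):
    """One chain entry; log=True models the ipchains -l flag."""
    return {"src": ip_network(src), "proto": proto, "ports": ports,
            "target": target, "log": log}

def evaluate(chain, pkt, policy="ACCEPT"):
    """First matching rule decides the packet; return (verdict, logged)."""
    for r in chain:
        lo, hi = r["ports"]
        if (ip_address(pkt["src"]) in r["src"]
                and r["proto"] in ("all", pkt["proto"])
                and lo <= pkt["dport"] <= hi):
            return r["target"], r["log"]
    return policy, False

# Constructed sample data (192.0.2.0/24 is a documentation range).
BROADCASTER = "192.0.2.10"
# Hypothetical stand-in for the existing rule that writes the log entries.
LOGGING_RULE = rule("0.0.0.0/0", "all", (0, 65535), "DENY", log=True)
# The quiet rules from the quoted message, collapsed to the 137:139 range.
QUIET = [rule(BROADCASTER + "/32", p, (137, 139), "DENY") for p in ("tcp", "udp")]

def appended_chain():
    """Quiet rules added with -A while the logging rule is still loaded."""
    return [LOGGING_RULE] + QUIET

def quiet_first_chain():
    """Quiet rules evaluated before the logging rule."""
    return QUIET + [LOGGING_RULE]

if __name__ == "__main__":
    nbns = {"src": BROADCASTER, "proto": "udp", "dport": 137}
    other = {"src": "192.0.2.77", "proto": "udp", "dport": 138}
    for name, chain in (("appended", appended_chain()),
                        ("quiet first", quiet_first_chain())):
        print(name, evaluate(chain, nbns), evaluate(chain, other))
```

In the quiet-first chain, traffic from any other source to ports 137-139 still reaches the logging rule, which is the case the quoted "0.0.0.0/0.0.0.0" source variant covers.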