Hi Carrie,

> I've decided I'm tired of seeing all of these port 137 connections
> from idiots thinking I run a Linux box, and I just want to block
> anything from coming in to that port.

Yes, good call!
I'd recommend DENYing 137 thru 139; all Wintendo type of stuff:

"--destination-port 137:139"

> My question is, how do I stop ALL incoming packets on 137, not just
> from one IP?

Instead of "192.168.0.1" say "0/0". I believe this even blocks localhost.

I'm still searching for an update of my favorite ipchains script(s)
(langistix.com, anyone?). I have an older version I use on masquerading
machines, which I would of course be glad to send you off list if you like.
It's three great starter scripts, actually.

Good luck blocking... Nico
_______________________________________________
cobalt-security mailing list
http://list.cobalt.com/mailman/listinfo/cobalt-security
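
Added example, not part of the original message or of any script mentioned in it: a small generator for the ipchains rules the reply describes (DENY, source 0/0, destination ports 137:139). The function name netbios_rules and the interface name eth0 are assumptions; passing an interface limits the rules to that interface, so loopback traffic is left alone.

```shell
#!/bin/sh
# Added example (not from the thread). Prints the ipchains commands instead
# of running them, so the output can be reviewed and then piped to "sh" as root.
#
# netbios_rules [IFACE]
#   IFACE (assumed name, e.g. eth0): restrict the rules to one interface.
#   With no IFACE the rules match on every interface, loopback included.
netbios_rules() {
    iface="${1:-}"
    # 137 and 138 are used over UDP, 139 over TCP; covering the whole
    # range for both protocols keeps the rule set simple.
    for proto in tcp udp; do
        rule="ipchains -A input -p $proto -s 0/0 --destination-port 137:139"
        if [ -n "$iface" ]; then
            rule="$rule -i $iface"
        fi
        # DENY drops the packet without sending a reply. No -l flag, so
        # matching packets are not written to the log.
        echo "$rule -j DENY"
    done
}

# Rules are evaluated in order: -A appends, so these only take effect if no
# earlier rule in the input chain already ACCEPTs the same packets.
netbios_rules "${1:-}"
```

Run it as "sh script.sh eth0" to see the interface-restricted rules, or with no argument for the any-interface form discussed in the reply.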