I had the same problem. I now use xinetd and use the bind option for services I don't want exposed to the external interface.
> -----Original Message----- > From: stef [mailto:stef]On Behalf Of Stefan Srdic > Sent: Sunday, December 24, 2000 5:10 PM > To: [email protected] > Subject: Using SAMBA through the TCP wrappers > > > When I installed my system I decided to install the SAMBA > server and use > it through the inet super daemon. From what the installation > instructions said, the SAMBA server will remain dormant > untill it hears > traffic on the NetBIOS ports. > > I installed PortSentry the other night and was testing it over at > www.grc.com, I found that with the SAMBA server running it left my > computer open to NetBIOS attacks. I know that I could simply add the > following lines to my firewall script to disallow NetBIOS packets > through my external interface (eth0): > > /sbin/ipchains -A input -i eth0 -p tcp -s 0.0.0.0/0 137:139 -j REJECT > /sbin/ipchains -A input -i eth0 -p udp -s 0.0.0.0/0 137:139 -j REJECT > > This would prevent NetBIOS packets from sneaking through my external > interface. I also want to ensure that the SAMBA server will no longer > listen for NetBIOS packets on my external interface. > > How do I configure the inetd.conf file or the HOSTS.* files > so that the > SAMBA server will no longer listen for NetBIOS packets on my external > interface? > > Stefan > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact > [EMAIL PROTECTED]
