> I am thinking that the port 135 traffic that is getting past the firewall is
> part of an established connection
> If this is correct, what might be running that requires responses to port 135?
> Any ideas?

135 is used (as is 139) by M$ NetBIOS broadcast (please correct me if that's wrong). Windows broadcasts packets on these ports to advertise itself to local networks, and to discover other machines. Blocking this at the machine level will effectively disable network browsing for Windows clients. You should be able to just drop this traffic on all interfaces at the router level.

Are you using a standalone machine? If so, disable Windows file sharing and block all traffic to ports 135 and 139 on the router/firewall/machine.

Cheers,
Pete.

