Gordon Rowell wrote:

> On Fri, Jul 12, 2002 at 12:39:07AM +0200, Brandon Friedman 
><[EMAIL PROTECTED]> wrote:
> 
>>I also notice these lines:
>>accept udp 30 udp.dest=udp.netbios-ns
>>accept udp 30 udp.source=udp.netbios-ns
>>
>>
>>They indicate to bring up the interface for netbios requests?
>>
>>Why would you want that?
>>
> 
> I don't see any reason why the link should go up on Netbios requests,
> since we will block them on the incoming packet filters. However, note
> the line above:
> 
>    ignore udp udp.source=udp.netbios-ns,udp.dest=udp.netbios-ns
> 
> which will also have some effect.


However we have spoken to other people, they say they disable browse 
master election in the file&print sharing option and the problem 
improves a lot.

Also as far as I know Windows does DNS queries from port 137-139 
(netbios-ns,netbios-ssn and netbios-dgm) - I think I will test these and 
see what happens when I block.

To be honest Gordon, I do agree it isn't an SME problem - diald is just 
too sensitive. I think with stricter rules, we should be able to control 
this.

We tested last night on one site where all networked PCs were off and SME 
behaved itself, as soon as we brought the PCs up - problem started again!

Alternatively we can look at the work done by Stephen Noble, where one 
would force the link up as required (i.e. via a web page) but scheduled 
mail retrieval is still allowed to go through.

BTW How does fetchmail trigger diald?

Also I notice that SME uses diald 0.9.... and the latest version 
available is 1.0.1 - has anybody tried upgrading? I believe there are 
quite a few bug fixes in the latest version. I have downloaded the src rpm 
and we will rebuild it later today.

 
> The next thing is to find out whether these are the cause of your link
> going up - just because they _could_ bring the link up, it doesn't mean
> that they _are_. From your previous mail, you have machines fetching
> virus patterns externally and they will also cause the link to go up.
> 
> That investigation, and the conclusions you reach, will depend on
> your telephone charging regime - there is no one answer. This would
> be a great devinfo project - a flexible set of diald filters which
> catered for the various phone charging regimes.


hmmmm I'm game.....anyone else?


> If you have suggestions for improvements, please send them
> to [EMAIL PROTECTED] along with evidence that it is a problem (i.e.
> show the log entries which show the link up caused by packet type x).


Gordon I have been looking for the logs on diald.....It doesn't seem to 
track what ports activate dial?

Should I use tcpdump?

---


Regards
Brandon Friedman
Cell:083 408 7840
E-mail: [EMAIL PROTECTED]
www.bfconsult.co.za


--
Please report bugs to [EMAIL PROTECTED]
Please mail [EMAIL PROTECTED] (only) to discuss security issues
Support for registered customers and partners to [EMAIL PROTECTED]
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
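
One way to gather the evidence asked for in the message above, as an added example that is not part of the original thread: tally a text packet capture by destination port and report the earliest packet. It assumes the capture was taken with `tcpdump -n -tt` on the interface diald monitors; the sample lines, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in `tcpdump -n -tt` text format (not taken from the thread).
SAMPLE = """\
1026427147.101000 IP 192.168.1.10.137 > 198.51.100.7.137: UDP, length 50
1026427147.905000 IP 192.168.1.10.137 > 198.51.100.7.137: UDP, length 50
1026427150.310000 IP 192.168.1.11.1029 > 198.51.100.53.53: 4660+ A? av-updates.example. (36)
1026427151.002000 IP 192.168.1.11.1030 > 203.0.113.5.80: Flags [S], seq 1, win 8192, length 0
1026427155.440000 IP 192.168.1.12.138 > 198.51.100.7.138: UDP, length 201
this line is not a packet and is skipped
"""

# Names for the ports discussed in the thread, plus two common ones.
PORT_NAMES = {53: "domain", 80: "http", 137: "netbios-ns",
              138: "netbios-dgm", 139: "netbios-ssn"}

# timestamp, "IP", src addr.port, ">", dst addr.port, ":"
LINE = re.compile(
    r"^(\d+\.\d+) IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+):")

def parse(text):
    """Yield (timestamp, src, sport, dst, dport) for each packet line."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            ts, src, sport, dst, dport = m.groups()
            yield float(ts), src, int(sport), dst, int(dport)

def report(text):
    """Return [(port name, packet count, sorted source hosts)], busiest first."""
    counts, hosts = Counter(), {}
    for _ts, src, _sport, _dst, dport in parse(text):
        counts[dport] += 1
        hosts.setdefault(dport, set()).add(src)
    return [(PORT_NAMES.get(p, str(p)), n, sorted(hosts[p]))
            for p, n in counts.most_common()]

def first_packet(text):
    """Return (port name, source host) of the earliest packet, or None."""
    packets = sorted(parse(text))
    if not packets:
        return None
    _ts, src, _sport, _dst, dport = packets[0]
    return PORT_NAMES.get(dport, str(dport)), src

if __name__ == "__main__":
    for name, count, sources in report(SAMPLE):
        print(f"{name:12} {count:3}  {', '.join(sources)}")
    print("earliest packet:", first_packet(SAMPLE))
```

If the capture starts while the link is down, the earliest packet is the candidate for what brought it up.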
