Gene,
Regarding your email with reference to SMB getting through chains. You need
to block the
TCP ports -> 137 through 139 as well.
Cu
AnthonyB
>Date: Wed, 17 Nov 1999 23:23:23 -0500
>From: "Gene Lee" <[EMAIL PROTECTED]>
>Subject: ipchains letting NetBIOS through?
>
>I am running a firewall using ipchains 1.3.8 on a Slackware 4.0.0 Kernel
>2.2.13. Although the kernel is compiled with SMB Filesystem enabled, I have
>disabled smbd and nmbd, and have made sure those modules are not loaded in
>the kernel.
>
>However I'm seeing some strange behaviour when I test UDP scans against my
>machine using nmap. Even though I am explicitly blocking UDP ports 137-139,
>somehow the packets still get to the stack and is reported back to nmap as
>being open. I have checked with "ipchains -C" and the packet is
demonstrated
>to be rejected, but real packets get through anyway. Checking the logs of a
>UDP strobe from 130-140, I see 130-136 and 140 being logged as rejected,
but
>nothing for 137-139. It's as if the stack sees it and responds before
>ipchains even has a chance to process it. Strange!
>
>A sample of one the ipchains rules I tried for the UDP strobe:
>
>ipchains -A input -p udp -s 0/0 -d 0/0 130:140 -l -j REJECT
>
>Has anyone seen this behaviour before?
>
>- --
>Gene Lee
>[EMAIL PROTECTED]
>[EMAIL PROTECTED]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
