Here ya go...works for me. port 135 is rpc (remote procedure call) related. used extensively with active directory and other useless parts of windows
Try this in IP Chains -A input -s 0/0 -d 0/0 135 -p tcp -j -y DENY this will drop all packets destined to or from a source port 135 restart ipchains and your off and running -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of MonMotha Sent: Sunday, August 17, 2003 10:18 AM To: [EMAIL PROTECTED] Subject: Re: [luau] MonMotha Firewall question Ben Beeson wrote: > Aloha, > > I am currently running -pre9 on a single machine that I am using as my sole > connection to the internet. (I used to run behind a router + firewall, but > that got packed up and moved to California recently.) Anyway, I am now > seeing a bunch of entries in my console logs related to port 135 scans. > (Blaster worm???) My /etc/services doesn't list port 135, so I went googling > and discovered that port 135 appears to be active directory related. I don't > think I need that for my Linux box.... Is there an easy way to just drop > those port 135 packets dead on the floor and forget about them? Is this a > good idea? Any ideas would be greatly appreciated. > > Mahalos, > > Ben See the BLACKHOLE option, then set the policy on it to "DROP". --MonMotha _______________________________________________ LUAU mailing list [EMAIL PROTECTED] http://videl.ics.hawaii.edu/mailman/listinfo/luau
