Firewall Wizards mailing list archives
Re: RE: Help w/ Port 137 Traffic
From: Luca Berra <bluca () comedia it>
Date: Mon, 14 Oct 2002 08:50:14 +0200
On Sun, Oct 13, 2002 at 02:40:59PM -0400, R. DuFresne wrote:
depending upon the kinda of windows OS' behind your firewall, you might wish to add 135-139, tc and udp, as well as 445, and 1433,1434. Of course
if you really want to block outgoing traffic from workstation put a proxy in the middle....
I have to add one clarification to the scenario and apologize for not including this up front: could running Samba (as a master browser/file server - not domain controller) be the source of the problem? Are there some outbound ports I should be blocking when (I assume) Samba announces itself periodically as the master browser?
samba announces itself periodically on the broadcast address of all connected interfaces and to addresses specified with the 'remote announce' smb.conf parameter. I don't believe samba uses netbios-ns lookups to resolve remote hosts connecting, but anyway noone should be connecting to your samba server from outside. as a last note i am also getting many probes on port 137 and 139, but they seem unrelated, i might try answering to netbios-ns lookups and see what happens, if i find a smaller beast than samba to use, that is. L. -- Luca Berra -- bluca () comedia it Communication Media & Services S.r.l. /"\ \ / ASCII RIBBON CAMPAIGN X AGAINST HTML MAIL / \ _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Help w/ Port 137 Traffic, (continued)
- Re: Help w/ Port 137 Traffic Mikael Olsson (Oct 13)
- Re: Help w/ Port 137 Traffic Vincent Haverlant (Oct 15)
- Re: Help w/ Port 137 Traffic Frederick M Avolio (Oct 13)
- RE: Help w/ Port 137 Traffic Mike McCandless (Oct 13)
- RE: RE: Help w/ Port 137 Traffic Stefan Norberg (Oct 13)
- RE: RE: Help w/ Port 137 Traffic Frank Knobbe (Oct 13)
- RE: RE: Help w/ Port 137 Traffic Stefan Norberg (Oct 14)
- RE: RE: Help w/ Port 137 Traffic Stefan Norberg (Oct 13)
- Re: RE: Help w/ Port 137 Traffic R. DuFresne (Oct 13)
- Re: RE: Help w/ Port 137 Traffic Devdas Bhagat (Oct 14)
- Re: RE: Help w/ Port 137 Traffic R. DuFresne (Oct 14)
- Re: RE: Help w/ Port 137 Traffic Luca Berra (Oct 14)
- RE: RE: Help w/ Port 137 Traffic Bill Royds (Oct 14)
- Re: RE: Help w/ Port 137 Traffic Mikael Olsson (Oct 14)
- Re: RE: Help w/ Port 137 Traffic Richard Sharpe (Oct 14)
- Re: RE: Help w/ Port 137 Traffic Mikael Olsson (Oct 14)
- Re: RE: Help w/ Port 137 Traffic Richard Sharpe (Oct 14)
- Re: RE: Help w/ Port 137 Traffic R. DuFresne (Oct 14)