
Re: Blocking SMB



thus spoke Charlie Grosvenor <charlie@thegrosvenors.fsnet.co.uk> [2002.02.26.1657 +0100]:
>     I am trying to block smb going out of my network using the following
> rules.

why not also block it coming in? i'd leave out the -o ppp0 bit below.
then there's nothing that can come in and nothing to go out.

> iptables -A FORWARD -o ppp0 -p tcp --dport 135 -j REJECT
[others snipped]

why REJECT? just DROP them!

also, port 136 is not a micro$oft port.

> For some reason this is not working as http://stealthtests.lockdowncorp.com
> is able to find out information about my computer using smb for example it
> gives me my username that i used to log into windows with.

this is what stealthtest does:

fishbowl:~# tcpdump -i any -n host 216.41.20.17
tcpdump: listening on any
17:16:58.329572 216.41.20.17.137 > 217.162.222.147.137: 
>>> NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST

(which i don't answer since this is a linux system), but the reply
should not pass through your rules. why don't you run the above
tcpdump line on the router/firewall and see what the stealthtests
cause. post that here...

> How can i get the blocking of smb working? Is there a port that i should
> block that i haven't?

just blocking dports 135,137-139 tcp and udp in FORWARD, INPUT and
OUTPUT should do the trick, actually... but you never know with this
micro$oft crap...

-- 
martin;              (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:"; net@madduck
  
3 kinds of people: those who can count & those who can't.
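The rule set the reply recommends, written out as an added example (a script written for this page, not the poster's or the list's own rules): DROP for ports 135 and 137-139 over tcp and udp in INPUT, OUTPUT and FORWARD, with no interface match so both directions are covered. It defaults to a dry run that only prints the iptables commands; the DRY_RUN variable and the helper function names are this example's own.

```shell
#!/bin/sh
# Added example, not code from the original thread. Generates (or, with
# DRY_RUN=0 as root, applies) one DROP rule per chain, protocol and port for
# the SMB/NetBIOS ports 135 and 137-139, as the reply suggests.
SMB_PORTS="135 137 138 139"
SMB_CHAINS="INPUT OUTPUT FORWARD"
DRY_RUN="${DRY_RUN:-1}"

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# No -i/-o interface match: the original "-A FORWARD -o ppp0 -p tcp --dport
# 135 -j REJECT" only covers tcp/135 leaving on ppp0, so the udp/137 NetBIOS
# name query seen in the tcpdump output above never matches it.
smb_block_rules() {
    for chain in $SMB_CHAINS; do
        for proto in tcp udp; do
            for port in $SMB_PORTS; do
                run iptables -A "$chain" -p "$proto" --dport "$port" -j DROP
            done
        done
    done
}

# Number of rules generated: 3 chains x 2 protocols x 4 ports = 24.
smb_rule_count() {
    (DRY_RUN=1; smb_block_rules) | wc -l | tr -d ' '
}

# Returns 0 when every generated rule ends in DROP (no REJECT slipped in).
smb_rules_all_drop() {
    if (DRY_RUN=1; smb_block_rules) | grep -qv 'j DROP'; then
        return 1
    fi
    return 0
}

# Returns 0 when udp/137, the port the stealthtest probe used, is dropped in INPUT.
smb_rules_cover_nbns() {
    (DRY_RUN=1; smb_block_rules) | grep -q 'INPUT -p udp --dport 137 -j DROP'
}

smb_block_rules
```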
