also sprach Charlie Grosvenor <charlie@thegrosvenors.fsnet.co.uk> [2002.02.26.1657 +0100]:
> I am trying to block smb going out of my network using the following
> rules.

why not also block it coming in? i'd leave out the -o ppp0 bit below.
then there's nothing that can come in and nothing to go out.

> iptables -A FORWARD -o ppp0 -p tcp --dport 135 -j REJECT
[others snipped]

why REJECT? just DROP them!

also, port 136 is not a micro$oft port.

> For some reason this is not working as http://stealthtests.lockdowncorp.com
> is able to find out information about my computer using smb for example it
> gives me my username that i used to log into windows with.

this is what stealthtest does:

fishbowl:~# tcpdump -i any -n host 216.41.20.17
tcpdump: listening on any
17:16:58.329572 216.41.20.17.137 > 217.162.222.147.137:
    >>> NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST

(which i don't answer since this is a linux system), but the reply should
not pass through your rules.

why don't you run the above tcpdump line on the router/firewall and see
what the stealthtests cause. post that here...

> How can i get the blocking of smb working? Is there a port that i should
> block that i haven't?

just blocking dports 135,137-139 tcp and udp in FORWARD, INPUT and OUTPUT
should do the trick, actually... but you never know with this micro$oft
crap...

-- 
martin;              (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:" net@madduck

3 kinds of people: those who can count & those who can't.
Attachment:
pgpVuSJzBQPCU.pgp
Description: PGP signature
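The rule set the reply recommends, written out as an added example (this is not code from the thread, and not Charlie's original rules): ports 135 and 137-139, both tcp and udp, DROP rather than REJECT, in INPUT, OUTPUT and FORWARD, with no -o ppp0 restriction so inbound traffic is caught as well. Port 445 (SMB carried directly over TCP, without NetBIOS) is an addition beyond what the post names. By default the script only echoes the iptables commands so they can be reviewed on the router first; set IPTABLES=iptables to actually apply them. The smb_watch function is the tcpdump check from the post, widened to the SMB ports, and is not run automatically.

```shell
#!/bin/sh
# Added example, not from the original mailing-list post.
# Builds the SMB/NetBIOS block list the reply describes: dports 135,137-139
# tcp and udp, DROP (not REJECT), in INPUT, OUTPUT and FORWARD, no interface
# restriction. Port 445 is our addition (SMB over TCP without NetBIOS).
#
# Dry-run by default: IPTABLES="echo iptables" prints the commands.
# Run as  IPTABLES=iptables sh smb-block.sh  (as root) to apply them.

IPTABLES="${IPTABLES:-echo iptables}"

# Destination ports to drop. 135 and 137:139 are from the post; 445 is ours.
SMB_PORTS="135 137:139 445"
CHAINS="INPUT OUTPUT FORWARD"
PROTOS="tcp udp"

# smb_rule CHAIN PROTO PORTSPEC -> one iptables command (echoed or executed)
smb_rule() {
    $IPTABLES -A "$1" -p "$2" --dport "$3" -j DROP
}

# smb_block_all -> emit every rule: 3 chains x 2 protocols x 3 port specs = 18
smb_block_all() {
    for chain in $CHAINS; do
        for proto in $PROTOS; do
            for port in $SMB_PORTS; do
                smb_rule "$chain" "$proto" "$port"
            done
        done
    done
}

# smb_rule_count -> how many rules smb_block_all would add (always dry-run,
# so this is safe to call without root)
smb_rule_count() {
    ( IPTABLES="echo iptables"; smb_block_all ) | wc -l | tr -d ' '
}

# smb_watch -> the tcpdump check from the post, widened to all SMB ports.
# Run it on the router/firewall while the stealth test is in progress;
# anything that shows up here with a reply from your side got past the rules.
smb_watch() {
    tcpdump -i any -n 'udp port 137 or udp port 138 or tcp port 135 or tcp port 139 or tcp port 445'
}

smb_block_all
```

The rules carry no -o ppp0 because, as the reply points out, the same ports need dropping in both directions; the NBT name query in the tcpdump capture above arrives on udp/137 from the outside, so an outbound-only FORWARD rule never sees it. DROP rather than REJECT means the scanner gets no ICMP or RST back from which to infer that a host is there at all.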