Re: Port 135

To: <debian-firewall@lists.debian.org>
Subject: Re: Port 135
From: "Pete Clarke" <pete@dynotechnic.co.uk>
Date: Fri, 16 Apr 2004 14:29:37 +0100
Message-id: <[🔎] 009201c423b6$dedc8330$0201a8c0@ds.mot.com>
Reply-to: "Pete Clarke" <pete@dynotechnic.co.uk>
References: <[🔎] F64493091FAC4D4DAC46261FEC19679906770CB5@xch4.ucc.ie>

> I am thinking that the port 135 traffic that is getting pass the firewall
is
> part of an established connection
> If this is correct, what might running that requires responses to port
135?
> Any ideas?

135 is used (as is 139) by M$ NetBios broadcast (please correct me if that's
wrong).
Windows broadcasts packets on these ports to advertise itself to local
networks, and to discover other machines.

Blocking this at the machine level will effectively diable network browsing
for Windows clients. You should be able to just drop this traffic on all
interfaces at the router level.

Are you using a standalone machine? if so, disable windows file sharing and
block all traffic to ports 135 and 139 on the router/firewall/machine.

Cheers,


Pete.

Reply to:

References:
- Port 135
  - From: "Hooton, Gerard" <G.Hooton@ucc.ie>

Prev by Date: Port 135
Next by Date: RE: Port 135
Previous by thread: Port 135
Next by thread: RE: Port 135
Index(es):
- Date
- Thread