
Re: netbios



On Mon, Jul 03, 2000 at 04:16:24PM +0200, Goeman Stefan wrote:
> Hello,

Hi

[snip]
> I am a little concerned about this last line.
> From a security course I took last week, I have found out
> that it is not wise to have the netbios open (to the rest of the
> world). In my case, it probably can't harm because I am behind our
> company firewalls. But nevertheless, I would prefer to disable this 
> feature. Does anybody know how to do this ??

If you don't want to purge samba, yet still have those ports closed, 
you could do: (replacing ppp0 with whatever you have)

ipchains=$(which ipchains)
${ipchains} -A output -p tcp --sport 137:139 -i ppp0 -j DENY -l
${ipchains} -A output -p udp --sport 137:139 -i ppp0 -j DENY -l
${ipchains} -A input -p tcp --dport 137:139 -i ppp0 -j DENY -l
${ipchains} -A input -p udp --dport 137:139 -i ppp0 -j DENY -l

This also causes log entries to be generated upon violation of this
rule. (-l)

For more info, see:

ipchains (8)         - IP firewall administration
ipchains-restore (8) - restore IP firewall chains from stdin
ipchains-save (8)    - save IP firewall chains to stdout

or

ipfwadm (8)          - IP firewall and accounting administration
ipfwadm-wrapper (8)  - IP firewall administration
ipfwadm.real (8)     - IP firewall and accounting administration

This surely ain't the only way to do it, but it is one way of doing it. 

The better / more secure approach would be to deny all ports and to then 
selectively open up specific ports according to your needs.

HTH'n good luck! :)
-- 
S. Burgener
Powered by Debian GNU/Linux 2.2
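
The default-deny approach mentioned at the end of the message, as an added example that is not part of the original post: a shell function that prints (does not run) ipchains rules denying everything arriving on one interface except listed TCP ports. The function name, the sample ports, and the choice to accept DNS replies and ICMP are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Prints ipchains commands for
# review; pipe the output to "sh" as root to apply it.
# Assumes no earlier ACCEPT rules for this interface are in the input chain.
emit_default_deny() {
    [ $# -ge 1 ] || { echo "usage: emit_default_deny IFACE [PORT...]" >&2; return 1; }
    iface=$1; shift
    case $iface in
        ''|-*|*[!A-Za-z0-9._-]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac
    # Validate every port before printing anything, so a typo never
    # leaves a half-built ruleset on stdout.
    for port in "$@"; do
        case $port in
            ''|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2; return 1
        fi
    done
    # ipchains is stateless: "! -y" accepts TCP packets that are not
    # connection-opening SYNs, i.e. replies to connections we started.
    echo "ipchains -A input -i $iface -p tcp ! -y -j ACCEPT"
    # DNS replies over UDP. This trusts the source port alone, which is a
    # known limit of stateless filtering; drop it if a local resolver is used.
    echo "ipchains -A input -i $iface -p udp --sport 53 -j ACCEPT"
    echo "ipchains -A input -i $iface -p icmp -j ACCEPT"
    # Services deliberately offered on this interface.
    for port in "$@"; do
        echo "ipchains -A input -i $iface -p tcp --dport $port -j ACCEPT"
    done
    # Everything else on the interface is denied and logged (-l).
    echo "ipchains -A input -i $iface -j DENY -l"
}
```

Called as `emit_default_deny ppp0 22 80`, the output opens only those two TCP ports; the NetBIOS ports 137:139 need no rule of their own because they fall through to the final DENY.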


