Re: Annoying Port 135 Connection Attempts
On Sun, Aug 31, 2003 at 06:22:52PM -0400, Mark Hammer wrote:
> I am getting many connection attempts to my port 135 from outside.
> They appear to be coming from other dialin connections to my ISP.
> This is the port that micro$loth left open to attack, which the
> MSblaster worm has been using.
>
> I know that my Linux box isn't vulnerable, and that I've got
> nothing listening to the port. But each of these connection
> attempts is triggering my diald to stay connected, so it is major
> annoying.
>
> Is there an obvious way to stop these attempts? Or is there a way
> to modify my /etc/diald/diald.defaults filters? Here is what I
> have done, which is admittedly simplistic:
>
> # I commented out the standard.filter include statement above,
> # since it was setting timeouts of 30 seconds for DNS lookups
> # (udp.domain), and 120 seconds for HTTP (tcp.www). This is too
> # short for web browsing, so I blanket changed everything to:
> # For any UDP, give 5 more minutes up time. For TCP, 20 minutes.
> accept udp 300 any
> accept tcp 1200 any
This may not help you since I have DSL and I'm connected all the time,
but it sure helped me:
iptables -I INPUT -p tcp --dport 135 -j DROP
--
"Anarchism is founded on the observation that since few men are wise
enough to rule themselves, even fewer are wise enough to rule others."
-- Edward Abbey
Rick Pasotto rick@niof.net http://www.niof.net