Re: [fw-wiz] RE: Help w/ Port 137 Traffic

From: R. DuFresne (dufresneat_private)
Date: Sun Oct 13 2002 - 11:40:59 PDT


    Depending upon the kind of Windows OSes behind your firewall, you might
    wish to add 135-139, tcp and udp, as well as 445, and 1433,1434.  Of course
    1080 1090 1900 5000 might not hurt to be blocked either, depending upon
    services running on those systems.  IM filesharing ports might well be
    blocked as well, at the least, 4443 1503 3574 5010 6891 7320.  And of
    course, this is not an exhaustive list.
    
    
    Thanks,
    
    Ron Dufresne
    
    On Sun, 13 Oct 2002, Mike McCandless wrote:
    
    > Thanks for all the replies.  The change I believe I will make in my
    > firewall rules is to explicitly block inbound 137-139 traffic.  My
    > default iptables policy is to deny, and these are not ports I have
    > opened up, so....they should be being blocked, but an extra rule to
    > catch this up front won't hurt.
    > 
    > I have to add one clarification to the scenario and apologize for not
    > including this up front:  could running Samba (as a master browser/file
    > server - not domain controller) be the source of the problem?  Are there
    > some outbound ports I should be blocking when (I assume) Samba announces
    > itself periodically as the master browser?
    > 
    > 
    > --------------------------------------------------------
    > Mike McCandless
    > michaelat_private
    > 
    > _______________________________________________
    > firewall-wizards mailing list
    > firewall-wizardsat_private
    > http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    > 
    
    -- 
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
            admin & senior security consultant:  sysinfo.com
                            http://sysinfo.com
    
    "Cutting the space budget really restores my faith in humanity.  It
    eliminates dreams, goals, and ideals and lets us get straight to the
    business of hate, debauchery, and self-annihilation."
                    -- Johnny Hart
    
    testing, only testing, and damn good at it too!
    
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizardsat_private
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
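
The explicit blocks discussed in this thread, written out as iptables commands that are evaluated ahead of the default-deny policy. This is an added example, not part of either poster's message; the interface name `eth0`, the chain names `EXT_IN` and `EXT_OUT`, the use of both tcp and udp for every port group, and the outbound NetBIOS/SMB drops are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Prints the iptables commands by default;
# run with IPT=iptables (as root) to apply them instead.
IPT="${IPT:-echo iptables}"
EXT_IF="${EXT_IF:-eth0}"    # assumption: name of the Internet-facing interface

# Port groups as listed in the message (iptables writes ranges with ':').
WIN_PORTS="135:139,445,1433,1434"
SVC_PORTS="1080,1090,1900,5000"
IM_PORTS="4443,1503,3574,5010,6891,7320"

emit_rules() {
    # Dedicated chains (hypothetical names), jumped to from the first rule of
    # each built-in chain so the drops are hit before anything else.
    $IPT -N EXT_IN
    $IPT -N EXT_OUT
    $IPT -I INPUT 1 -i "$EXT_IF" -j EXT_IN
    $IPT -I FORWARD 1 -i "$EXT_IF" -j EXT_IN
    $IPT -I OUTPUT 1 -o "$EXT_IF" -j EXT_OUT
    $IPT -I FORWARD 1 -o "$EXT_IF" -j EXT_OUT

    # Inbound: drop every listed group arriving on the external interface.
    for ports in "$WIN_PORTS" "$SVC_PORTS" "$IM_PORTS"; do
        for proto in tcp udp; do    # assumption: both protocols for each group
            $IPT -A EXT_IN -p "$proto" -m multiport --dports "$ports" -j DROP
        done
    done

    # Outbound: NetBIOS name service and browser announcements use udp 137
    # and 138; SMB sessions use tcp 139 and 445. Keep them off the outside.
    $IPT -A EXT_OUT -p udp --dport 137:138 -j DROP
    $IPT -A EXT_OUT -p tcp -m multiport --dports 139,445 -j DROP
}

emit_rules
```

Review the printed commands against the services actually running before applying them; Samba clients on the internal interface are unaffected because every rule is bound to the external interface.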
    



    This archive was generated by hypermail 2b30 : Sun Oct 13 2002 - 16:35:22 PDT