On Sun, Oct 13, 2002 at 02:40:59PM -0400, R. DuFresne wrote: > > >depending upon the kinda of windows OS' behind your firewall, you might >wish to add 135-139, tc and udp, as well as 445, and 1433,1434. Of course if you really want to block outgoing traffic from workstation put a proxy in the middle.... >> I have to add one clarification to the scenario and apologize for not >> including this up front: could running Samba (as a master browser/file >> server - not domain controller) be the source of the problem? Are there >> some outbound ports I should be blocking when (I assume) Samba announces >> itself periodically as the master browser? samba announces itself periodically on the broadcast address of all connected interfaces and to addresses specified with the 'remote announce' smb.conf parameter. I don't believe samba uses netbios-ns lookups to resolve remote hosts connecting, but anyway noone should be connecting to your samba server from outside. as a last note i am also getting many probes on port 137 and 139, but they seem unrelated, i might try answering to netbios-ns lookups and see what happens, if i find a smaller beast than samba to use, that is. L. -- Luca Berra -- blucaat_private Communication Media & Services S.r.l. /"\ \ / ASCII RIBBON CAMPAIGN X AGAINST HTML MAIL / \ _______________________________________________ firewall-wizards mailing list firewall-wizardsat_private http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
This archive was generated by hypermail 2b30 : Mon Oct 14 2002 - 05:33:32 PDT