James wrote:
>> Daniel Iliev <danny <at> ilievnet.com> writes:
>>
>
> My iptables based firewall seems to be working; however, I keep getting triplets
> of this activity:
>
> curious.ip www.me.com tcp 2286 > netbios-ssn Seq=0 Len=0 MSS=1460
> www.me.com curious.ip tcp netbios-ssn > 2286 [RST, ACK] Seq=0 Ack=1
> Win=0 Len=0
>
> similar problem (2469 > microsoft-ds)
> Other problems are (info section is only difference) epmap > 3081
>
>> "iptables -A INPUT -p tcp --dport microsoft-ds -j DROP" ( < the packets
>> have destination the FW itself)
>> "iptables -A FORWARD -d *target-PC* -p tcp --dport microsoft-ds -j DROP"
>> ( < the packets have destination the "target-PC". )
>>
>
> Your advice is working, beautiful
>
> Much Thanks!
>
> James
>
I'm not sure if I get this message right, but if it is a question of how to
deal with packets like these:

>curious.ip www.me.com tcp 2286 > netbios-ssn Seq=0 Len=0 MSS=1460
>www.me.com curious.ip tcp netbios-ssn > 2286 [RST, ACK] Seq=0 Ack=1

the answer is: Add the same rules, but replace "microsoft-ds" with "netbios-ssn" or the corresponding number from /etc/services. Those rules would look like:
"iptables -A INPUT -p tcp --dport netbios-ssn -j DROP"
it's the same as:
"iptables -A INPUT -p tcp --dport 139 -j DROP"

And if the target is not the FW:
iptables -A FORWARD -d *target-PC* -p tcp --dport netbios-ssn -j DROP
or
iptables -A FORWARD -d *target-PC* -p tcp --dport 139 -j DROP

It seems that you want to stop the ms netbios activity. The ports used
for this service are 137,138,139 and 445 so the rule-set could be
something like this:

iptables -A FORWARD -d *target-PC* -p tcp --dport 445 -j DROP
iptables -A FORWARD -d *target-PC* -p tcp --dport 137:139 -j DROP

or

iptables -A INPUT -p tcp --dport 445 -j DROP
iptables -A INPUT -p tcp --dport 137:139 -j DROP

--
Best regards,
Daniel

--
gentoo-user@g.o mailing list
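The following is an added worked example, not code from the thread or from either poster. It takes the log lines quoted above (plus two constructed ones for the microsoft-ds variant and for a probe aimed at the LAN host), resolves the service names the way a lookup in /etc/services would, decides whether each packet would hit an INPUT rule (destination is the firewall itself) or a FORWARD rule (destination is the machine behind it), and generates the DROP rules for ports 137, 138, 139 and 445 with consecutive ports collapsed into the 137:139 range syntax. The service table is a constructed subset of /etc/services; `www.me.com` is taken from the log lines as the firewall's own name, and `target-pc.lan` is an assumed stand-in for *target-PC*.

```python
"""Classify logged packets against the thread's NetBIOS/SMB DROP rules.

Added example; the service table and hostnames are constructed assumptions.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# Constructed subset of the usual /etc/services entries.
SERVICES = {
    "epmap": 135,
    "netbios-ns": 137,
    "netbios-dgm": 138,
    "netbios-ssn": 139,
    "microsoft-ds": 445,
}

# The ports the reply lists for MS NetBIOS/SMB: 137, 138, 139 and 445.
BLOCKED_PORTS = frozenset(range(137, 140)) | {445}

FIREWALL_HOST = "www.me.com"   # the firewall's own name, as in the quoted log
TARGET_PC = "target-pc.lan"    # assumption: stands in for *target-PC*


@dataclass
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    info: str


# "<src> <dst> <proto> <sport> > <dport> <rest of line>"
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(tcp|udp)\s+(\S+)\s+>\s+(\S+)\s*(.*)$")


def port_number(name: str) -> int:
    """Resolve a service name or numeric string to a port number."""
    return int(name) if name.isdigit() else SERVICES[name]


def parse_line(line: str) -> Packet:
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised log line: {line!r}")
    src, dst, proto, sport, dport, info = m.groups()
    return Packet(src, dst, proto, port_number(sport), port_number(dport), info)


def matching_chain(pkt: Packet) -> Optional[str]:
    """Name the chain whose DROP rule the packet would hit, or None."""
    if pkt.proto != "tcp" or pkt.dport not in BLOCKED_PORTS:
        return None
    if pkt.dst == FIREWALL_HOST:
        return "INPUT"      # addressed to the firewall itself
    if pkt.dst == TARGET_PC:
        return "FORWARD"    # routed through the firewall to the LAN host
    return None


def port_ranges(ports: Iterable[int]) -> List[str]:
    """Collapse a port set into --dport arguments, e.g. ['137:139', '445']."""
    ordered = sorted(ports)
    out: List[str] = []
    start = prev = ordered[0]
    for p in ordered[1:] + [None]:
        if p is not None and p == prev + 1:
            prev = p
            continue
        out.append(str(start) if start == prev else f"{start}:{prev}")
        if p is not None:
            start = prev = p
    return out


def drop_rules(ports: Iterable[int] = BLOCKED_PORTS, target: str = TARGET_PC) -> List[str]:
    """Render the INPUT and FORWARD DROP rules for the given ports."""
    rules = []
    for chain, dst in (("INPUT", ""), ("FORWARD", f"-d {target} ")):
        for rng in port_ranges(ports):
            rules.append(f"iptables -A {chain} {dst}-p tcp --dport {rng} -j DROP")
    return rules


SAMPLE_LOG = [
    # the two lines quoted in the thread
    "curious.ip www.me.com tcp 2286 > netbios-ssn Seq=0 Len=0 MSS=1460",
    "www.me.com curious.ip tcp netbios-ssn > 2286 [RST, ACK] Seq=0 Ack=1 Win=0 Len=0",
    # constructed: the microsoft-ds variant, and a probe at the LAN host
    "curious.ip www.me.com tcp 2469 > microsoft-ds Seq=0 Len=0 MSS=1460",
    "curious.ip target-pc.lan tcp 2470 > netbios-ssn Seq=0 Len=0 MSS=1460",
]


def classify(lines: Iterable[str] = SAMPLE_LOG) -> List[Tuple[str, Optional[str]]]:
    return [(line, matching_chain(parse_line(line))) for line in lines]


if __name__ == "__main__":
    for rule in drop_rules():
        print(rule)
    for line, chain in classify():
        print(f"{chain or '-':8} {line}")
```

The second log line (the firewall's RST/ACK back to curious.ip) matches nothing, which is the point: it is the firewall's own reply to the probe, and once the inbound SYN to port 139 is dropped that reply is never generated. One caveat for a real deployment: the rules in the thread are `-p tcp` only, while NetBIOS name service (137) and datagram service (138) normally run over UDP, so a matching `-p udp --dport 137:138` rule is needed if that traffic should be dropped as well.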