The solution you wrote in about, in reference to Netbios through the
network, is fine (that is, if you are using a Cisco router). Here is an
example of the statements that need to be placed in the ACL:

This implies that ACL number 104 is bound to an inbound interface. By
doing this you effectively only allow "good guys" to do netbios stuff
from the outside into your network.

access-list 104 permit tcp {source IP} 0.0.0.0 {dest IP} 0.0.0.0 eq 137
access-list 104 permit udp {source IP} 0.0.0.0 {dest IP} 0.0.0.0 eq 137
access-list 104 permit tcp {source IP} 0.0.0.0 {dest IP} 0.0.0.0 eq 138
access-list 104 permit udp {source IP} 0.0.0.0 {dest IP} 0.0.0.0 eq 138
access-list 104 permit tcp {source IP} 0.0.0.0 {dest IP} 0.0.0.0 eq 139
access-list 104 permit udp {source IP} 0.0.0.0 {dest IP} 0.0.0.0 eq 139

Then you can just: 
!       deny port 139 - netbios-ssn
access-list 104 deny   tcp any any eq 139 log
access-list 104 deny   udp any any eq 139 log
!       deny port 138 - netbios-dgm
access-list 104 deny   tcp any any eq 138 log
access-list 104 deny   udp any any eq 138 log
!       deny port 137 - netbios-ns
access-list 104 deny   tcp any any eq 137
access-list 104 deny   udp any any eq 137



Have fun!
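
An added example, not part of the original message: a small Python model of first-match evaluation over the ACL 104 entries posted above, showing which entry decides a packet and that traffic matching no entry falls to the implicit deny that ends every IOS access list. The addresses are constructed placeholders standing in for {source IP} and {dest IP}.

```python
import ipaddress

# Constructed placeholders (documentation ranges) for {source IP} and {dest IP}.
TRUSTED_SRC = "192.0.2.10"
INSIDE_DST = "198.51.100.20"
ANY = ("0.0.0.0", "255.255.255.255")  # 'any' written as address + wildcard

def build_acl_104():
    """Entries in the order the message gives them: host permits, then any/any denies."""
    acl = []
    for port in (137, 138, 139):
        for proto in ("tcp", "udp"):
            acl.append(("permit", proto, (TRUSTED_SRC, "0.0.0.0"), (INSIDE_DST, "0.0.0.0"), port, False))
    for port in (139, 138, 137):
        for proto in ("tcp", "udp"):
            # The message logs the 139 and 138 denies but not the 137 ones.
            acl.append(("deny", proto, ANY, ANY, port, port != 137))
    return acl

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: a 1 bit is ignored, a 0 bit must match."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def evaluate(acl, proto, src, dst, dport):
    """First matching entry wins. Returns (action, logged, entry index or None)."""
    for i, (action, p, s, d, port, log) in enumerate(acl):
        if (p == proto and port == dport
                and wildcard_match(src, *s) and wildcard_match(dst, *d)):
            return action, log, i
    # No entry matched: every IOS access list ends with an implicit deny.
    return "deny", False, None

if __name__ == "__main__":
    acl = build_acl_104()
    packets = [  # constructed sample traffic arriving on the outside interface
        ("tcp", TRUSTED_SRC, INSIDE_DST, 139),
        ("tcp", "203.0.113.5", INSIDE_DST, 139),
        ("udp", "203.0.113.5", INSIDE_DST, 137),
        ("tcp", TRUSTED_SRC, INSIDE_DST, 80),
    ]
    for pkt in packets:
        print(pkt, "->", evaluate(acl, *pkt))
```

With only these entries bound inbound, the last sample packet (TCP 80) is dropped by the implicit deny, so a production list still needs its permit statements for other wanted traffic.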

