Probably want you want to do is disable the WINS client on the interface that's
connected to the cable modem's network. If you have IP forwarding enabled, you might
want to disable that as well (unless you're actually using it, of course).
You might also be able to figure what what the traffic is by using Network Monitor.
While I agree that browser annoucements is the most likely culprit, there are other
protocols that send broadcasts (RIP comes to mind). It's also possible that your NT
server is (or thinks it is) a master browser, and is broadcasting that information on
the VPN using the cable modem's IP address.
-----Original Message-----
From: Eric [mailto:[EMAIL PROTECTED]]
Sent: October 13, 1999 10:50
To: Jeff Younker
Cc: 'Carric Dooley'; 'The Firewalls List'
Subject: Re: Unknown internet traffic
Jeff Younker wrote:
>
> He's receiving ICMP 'administratively prohibited' messages in response to
> traffic from his machine. These ICMP messages could be generated by the
> netbios services encapsulated in TCP/IP. (Ports 137, 138, and 139 as I
> recall.)
I thought that disabling the bindings on netbios and netbeui would take
care of that. So I did an experiment and tried to connect to ports 137,
138, and 139 on my machine from another system. It got through.
I then went into the Enable Security / TCP/IP Settings dialog box and
enabled only certain TCP ports. Now, I can't connect to those ports
from the other system, but I'm still seeing the ICMP messages on the
remote router.
I really hate to set up a firewall just for the sake of one computer.
I wonder how long it will be until we can buy network cards with a
built-in firewall.
Of course, what I really don't understand is why the cable company
doesn't block the netbios traffic wherever and whenever possible.
Eric Johnson
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
