-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

What you are seeing are most likely NetBIOS name lookups. NT will try
to resolve an IP address to a name using DNS, and if that fails,
NetBIOS. 

Your action was correct. Disable Accept Outgoing, set interface to
Eitherbound and create NBT drop/reject rules (i.e. Local-Net - Any -
NBT - Reject [I use reject against internal devices to speed up the
connection termination]). The NBT drop rule will also filter the
Explorer-type viruses that scan for open shares.

You should still review the hardening documents others pointed out.
At least disable every binding, except TCP/IP, on the external
interface (that includes disabling Workstation, Server, etc).

Regards,
Frank

> -----Original Message-----
> From: Ralf Guenthner [mailto:[EMAIL PROTECTED]]
> Sent: Friday, October 13, 2000 7:28 AM
> 
> Another neat problem on an NT firewall system I "inherited": I noticed after
> activating the logging for the standard drop rule that the firewall system
> itself was talking Netbios nbname service to systems in Argentina, USA asf.
> I stopped that by unchecking "Accept outgoing packets" and setting
> the interface direction to "eitherbound".
>
> My question is: Why would this system do that, has it probably already been
> hacked? There were so many different sites it was doing the nbname to I
> wonder what it means?

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.1
Comment: PGP or S/MIME encrypted email preferred.

iQA/AwUBOecvIURKym0LjhFcEQKYqwCgrwKsjow/UZPRnSpIEHhli018DJMAoJ35
e0UkvnLQu1XXx7cdbsJu3Lbz
=htYp
-----END PGP SIGNATURE-----
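
One way to check a drop log against the explanation in the reply above (an added example, not part of the original thread): it picks out nbname (UDP 137) packets sent by the firewall itself and tests whether each destination appeared as a traffic source shortly before, which is consistent with a name lookup of that peer's address. The log format, the addresses and the 5-second window are constructed assumptions, not a real firewall log layout.

```python
# Constructed sample log; assumed fields: time action src sport dst dport proto
SAMPLE_LOG = """\
07:01:10 drop 198.51.100.7 3345 192.0.2.1 23 tcp
07:01:11 drop 192.0.2.1 137 198.51.100.7 137 udp
07:02:40 drop 203.0.113.50 1029 192.0.2.1 139 tcp
07:02:41 drop 192.0.2.1 137 203.0.113.50 137 udp
07:05:00 drop 192.0.2.1 137 203.0.113.99 137 udp
07:06:00 drop 10.1.1.20 137 10.1.1.255 137 udp
"""

FIREWALL_IP = "192.0.2.1"   # assumed external address of the firewall
NBNAME_PORT = "137"         # NetBIOS name service
WINDOW_S = 5                # assumed max delay between peer packet and lookup


def to_seconds(hms):
    """Convert HH:MM:SS to seconds since midnight."""
    h, m, s = (int(x) for x in hms.split(":"))
    return h * 3600 + m * 60 + s


def triage_nbname(log_text, firewall_ip=FIREWALL_IP, window_s=WINDOW_S):
    """Split firewall-originated nbname destinations into those that were
    recent traffic sources (explained) and those that were not."""
    last_seen = {}                      # remote IP -> last time seen as a source
    explained, unexplained = [], []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 7:
            continue                    # skip malformed lines
        when, _action, src, _sport, dst, dport, proto = fields
        t = to_seconds(when)
        if src == firewall_ip and proto == "udp" and dport == NBNAME_PORT:
            prior = last_seen.get(dst)
            if prior is not None and 0 <= t - prior <= window_s:
                explained.append(dst)   # lookup follows traffic from that peer
            else:
                unexplained.append(dst) # no recent traffic from that address
        elif src != firewall_ip:
            last_seen[src] = t
    return {"explained": explained, "unexplained": unexplained}


if __name__ == "__main__":
    print(triage_nbname(SAMPLE_LOG))
```

Destinations in the `unexplained` list are the ones to look at first when reviewing the host.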

