> > There is no valid reason to allow the SMB ports through your
> > firewall.  If you're interested in seeing who's attacking you, you 
> > could implement an Intrusion Detection System (IDS) like Snort 
> > (http://www.snort.org), otherwise, you should probably just put in 
> > the rule that Jason suggested above.
> 
> Thank you for the reply. I have enabled just those SMB ports needed for the
> LAN. All others are blocked. I log all packets not explicitly blocked or
> accepted. Hence, I was seeing the 135 info in my iptables log along with their
> source IP info. I suspect the iptables log gives me enough information so I
> probably do not need something like Snort?

Well, that depends.  The iptables log will tell you what packets are 
coming in and from whom, but an IDS is able to analyze those packets and 
often let you know if you are under attack.  Snort/ACID will also tell you 
what kind of attack you may be experiencing and give you links with 
information on how to defend yourself against them.  ACID also gives you 
trending reports and such.

Ben


-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list
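
The following is an added example, not part of the original thread: a sketch of what the iptables log on its own supports, namely counting logged packets per source and destination port. The sample lines are constructed in the kernel format written by the iptables LOG target, and the function names and the three-port threshold are assumptions for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: five LOG-target packet entries plus one unrelated syslog line.
SAMPLE_LOG = """\
Aug 12 03:14:07 gw kernel: IN=eth0 OUT= MAC=00:0c:29:aa:bb:cc:00:50:56:dd:ee:ff:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=4021 DF PROTO=TCP SPT=4321 DPT=135 WINDOW=16384 RES=0x00 SYN URGP=0
Aug 12 03:14:10 gw kernel: IN=eth0 OUT= MAC=00:0c:29:aa:bb:cc:00:50:56:dd:ee:ff:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=4022 DF PROTO=TCP SPT=4321 DPT=135 WINDOW=16384 RES=0x00 SYN URGP=0
Aug 12 03:15:30 gw sshd[812]: Server listening on 0.0.0.0 port 22.
Aug 12 03:20:01 gw kernel: IN=eth0 OUT= MAC=00:0c:29:aa:bb:cc:00:50:56:dd:ee:ff:08:00 SRC=198.51.100.77 DST=192.0.2.10 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=911 DF PROTO=TCP SPT=2200 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0
Aug 12 03:20:02 gw kernel: IN=eth0 OUT= MAC=00:0c:29:aa:bb:cc:00:50:56:dd:ee:ff:08:00 SRC=198.51.100.77 DST=192.0.2.10 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=912 DF PROTO=TCP SPT=2201 DPT=139 WINDOW=8192 RES=0x00 SYN URGP=0
Aug 12 03:20:03 gw kernel: IN=eth0 OUT= MAC=00:0c:29:aa:bb:cc:00:50:56:dd:ee:ff:08:00 SRC=198.51.100.77 DST=192.0.2.10 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=913 DF PROTO=TCP SPT=2202 DPT=135 WINDOW=8192 RES=0x00 SYN URGP=0
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value tokens such as SRC=..., DPT=...

def parse_line(line):
    """Return the KEY=value fields of one LOG entry, or None for other lines."""
    fields = dict(FIELD.findall(line))
    if "SRC" not in fields or "DPT" not in fields:
        return None  # not a TCP/UDP packet entry (other daemons, ICMP, ...)
    return fields

def summarize(log_text):
    """Count packets per (source, protocol, destination port) and ports per source."""
    hits = Counter()
    ports_by_src = defaultdict(set)
    for line in log_text.splitlines():
        fields = parse_line(line)
        if fields is None:
            continue
        port = int(fields["DPT"])
        hits[(fields["SRC"], fields.get("PROTO", "?"), port)] += 1
        ports_by_src[fields["SRC"]].add(port)
    return hits, ports_by_src

def multi_port_sources(ports_by_src, threshold=3):
    """Sources seen on at least `threshold` distinct ports (assumed cut-off)."""
    return sorted(s for s, ports in ports_by_src.items() if len(ports) >= threshold)

if __name__ == "__main__":
    hits, ports_by_src = summarize(SAMPLE_LOG)
    for (src, proto, port), count in hits.most_common():
        print(f"{src:15} {proto}/{port:<5} {count} packet(s)")
    print("multiple ports probed by:", multi_port_sources(ports_by_src))
```

This answers who sent packets to which port and how often; it does not inspect payloads or match them against known attack signatures, which is the part an IDS adds.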
