At 20:50 02.11.2002, linux power said:
--------------------[snip]-------------------- 

>It seems that masquerade uses the netbios-ns port to broadcast to the whole
>world that it's seeking a vacant IP address. That is a major firewall
>problem on my computer because I can't close the NetBIOS ports, and it results
>in hacking attempts all the time.
--------------------[snip]-------------------- 

I don't think so, this might be a DHCP issue.

You're using iptables? Insert something like this into your firewall script:

# --------------------------------------------
# the SMB chain is executed for all NetBIOS related traffic
# --------------------------------------------
/sbin/iptables -N SMB

# allow traffic to/from the specified IP's
/sbin/iptables -A SMB -s xxx.xxx.xxx.xxx -j ACCEPT      # xxx's machine
/sbin/iptables -A SMB -d xxx.xxx.xxx.xxx -j ACCEPT
/sbin/iptables -A SMB -s xxx.xxx.xxx.xx -j ACCEPT       # yyy's machine
/sbin/iptables -A SMB -d xxx.xxx.xxx.xx -j ACCEPT

# and kill everything else
/sbin/iptables -A SMB -j DROP

# --------------------------------------------
# the SILENTDROP chain filters out all NetBIOS traffic
# --------------------------------------------
/sbin/iptables -N SILENTDROP

/sbin/iptables -A SILENTDROP -p tcp --dport 137 -j SMB
/sbin/iptables -A SILENTDROP -p tcp --dport 138 -j SMB
/sbin/iptables -A SILENTDROP -p tcp --dport 139 -j SMB
/sbin/iptables -A SILENTDROP -p tcp --dport 445 -j SMB
/sbin/iptables -A SILENTDROP -p udp --dport 137 -j SMB
/sbin/iptables -A SILENTDROP -p udp --dport 138 -j SMB
/sbin/iptables -A SILENTDROP -p udp --dport 139 -j SMB
/sbin/iptables -A SILENTDROP -p udp --dport 445 -j SMB

/sbin/iptables -A SILENTDROP -p tcp --sport 137 -j SMB
/sbin/iptables -A SILENTDROP -p tcp --sport 138 -j SMB
/sbin/iptables -A SILENTDROP -p tcp --sport 139 -j SMB
/sbin/iptables -A SILENTDROP -p tcp --sport 445 -j SMB
/sbin/iptables -A SILENTDROP -p udp --sport 137 -j SMB
/sbin/iptables -A SILENTDROP -p udp --sport 138 -j SMB
/sbin/iptables -A SILENTDROP -p udp --sport 139 -j SMB
/sbin/iptables -A SILENTDROP -p udp --sport 445 -j SMB


# --------------------------------------------
# insert these at the top for the INPUT, OUTPUT, and FORWARD chains
# assuming eth0 is the interface to the internet, and eth1 to internal network
# (OUTPUT has no incoming interface, so it must match on -o, not -i)
# --------------------------------------------
/sbin/iptables -A INPUT -i eth1 -j SILENTDROP
/sbin/iptables -A INPUT -i eth0 -j SILENTDROP
/sbin/iptables -A OUTPUT -o eth1 -j SILENTDROP
/sbin/iptables -A OUTPUT -o eth0 -j SILENTDROP
/sbin/iptables -A FORWARD -i eth1 -j SILENTDROP
/sbin/iptables -A FORWARD -i eth0 -j SILENTDROP

Taken (and shortened) from our firewall script which seems to work
perfectly on this issue...

-- 
   >O     Ernest E. Vogelsinger                /~\ The ASCII
   (\)    ICQ #13394035                        \ / Ribbon Campaign 
    ^                                           X  Against
                                               / \ HTML Email
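The same SMB / SILENTDROP layout, generated from a list of trusted hosts instead of hand-copied, as an added example that is not part of the original post. It assumes the interface names and iptables path from the post (overridable via IPT, WAN_IF, LAN_IF), takes trusted addresses as arguments, and prints the commands so the rule set can be reviewed before it is piped to sh.

```shell
#!/bin/sh
# Added example: build the NetBIOS/SMB filter chains from the post above.
# Assumed defaults: /sbin/iptables, eth0 = internet, eth1 = internal LAN.
IPT=${IPT:-/sbin/iptables}
WAN_IF=${WAN_IF:-eth0}
LAN_IF=${LAN_IF:-eth1}
NETBIOS_PORTS="137 138 139 445"

# SMB chain: accept traffic to/from each trusted host, drop everything else
gen_smb_chain() {
    echo "$IPT -N SMB"
    for host in "$@"; do
        echo "$IPT -A SMB -s $host -j ACCEPT"
        echo "$IPT -A SMB -d $host -j ACCEPT"
    done
    echo "$IPT -A SMB -j DROP"
}

# SILENTDROP chain: hand every NetBIOS/SMB packet (either direction,
# tcp and udp) to the SMB chain; anything else returns to the caller
gen_silentdrop_chain() {
    echo "$IPT -N SILENTDROP"
    for proto in tcp udp; do
        for dir in dport sport; do
            for port in $NETBIOS_PORTS; do
                echo "$IPT -A SILENTDROP -p $proto --$dir $port -j SMB"
            done
        done
    done
}

# Hook SILENTDROP at the top of the built-in chains (-I, not -A).
# OUTPUT packets have no input interface, so that chain must use -o;
# iptables rejects "-A OUTPUT -i ..." outright.
gen_hooks() {
    for ifc in $LAN_IF $WAN_IF; do
        echo "$IPT -I INPUT -i $ifc -j SILENTDROP"
        echo "$IPT -I OUTPUT -o $ifc -j SILENTDROP"
        echo "$IPT -I FORWARD -i $ifc -j SILENTDROP"
    done
}

# Full rule set for the given trusted hosts, e.g.:
#   gen_all 192.0.2.10 192.0.2.11 | sh     (addresses are constructed samples)
gen_all() {
    gen_smb_chain "$@"
    gen_silentdrop_chain
    gen_hooks
}
```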



-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@;redhat.com?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list