On Fri, Nov 01, 2002 at 06:34:13PM -0600, Ed Wilts wrote:
> On Sat, Nov 02, 2002 at 12:01:54AM +0100, linux power wrote:
> > If you have a firewall remember to close the netbios ports 137-139 .

> The default rule for any firewall should always be to block *everything*.
> Then open up only those ports that you absolutely need and then if you
> can, restrict them to certain source addresses.

> Many major ISPs here in the USA block 137-139 by default.  I couldn't
> open it if I wanted to (and I certainly don't).

I'm afraid they don't.  I'm afraid that even the ones that DID after
NIMDA and Code Red (a few of the broadband and DSL providers) no longer
are, for some DAMN reason.

I run a "dark network".  A research network of over 25,000 IPv4
addresses which are nothing more than /dev/null sinks for packets.  I'm
now seeing close to one MILLION packets a day for port 137/udp thanks to
Microsoft and Opaserv and related ilk.  Over half are from US sites...
I know of NO major US ISP which is systematically and uniformly blocking
those ports.  GOD!  I wish it were true.

We NEED to cut off ALL Micro$oft protocols at the core routers.
That's ports 135-139 plus 445 udp and tcp and BOTH outbound and inbound -
SRC and DST ports.  It ranks right up there with anti spoofing rules
which state that you do not route in what you would not route out.

Ain't happening...  Even though the latter is even in an IETF best
practices...  It just ain't happening...  Sigh...

>         .../Ed

> --
> Ed Wilts, Mounds View, MN, USA
> mailto:ewilts@;ewilts.org
> Member #1, Red Hat Community Ambassador Program

Mike
--
 Michael H. Warfield    |  (770) 985-6132   |  [EMAIL PROTECTED]
  /\/\|=mhw=|\/\/       |  (678) 463-0932   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!
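The port list in the reply above (135-139 plus 445, udp and tcp, matched as source or destination port) written out as iptables rules. This is an added example, not part of the original message or the poster's own configuration. It assumes a Linux router filtering transit traffic in the FORWARD chain, and the function name ms_port_rules is hypothetical.

```shell
#!/bin/sh
# Added example: print iptables rules that drop the ports named in the
# message. Nothing is applied; the rules are only written to stdout.
# Assumption: transit traffic is filtered in the FORWARD chain, which
# covers both inbound and outbound packets crossing the router.

MS_PORTS="135:139 445"   # port ranges taken from the message
MS_PROTOS="tcp udp"      # "udp and tcp"

# ms_port_rules [CHAIN]
# Emits one DROP rule per protocol, port range and port side.
# -I inserts at the top of the chain so the drops are evaluated before
# any later ACCEPT rule.
ms_port_rules() {
    chain="${1:-FORWARD}"
    for proto in $MS_PROTOS; do
        for ports in $MS_PORTS; do
            # "SRC and DST ports": match the range on either side
            for side in --sport --dport; do
                echo "iptables -I $chain -p $proto $side $ports -j DROP"
            done
        done
    done
}

# Print the rule set for review.
ms_port_rules FORWARD
```

On a single host rather than a router, the same function can be called with INPUT and OUTPUT as the chain name.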