I know that MY ISP doesn't block 137-139 - I run an IPCop box and the
logs are ALWAYS full of hits on those ports. :/

Jim Hale
---
"The OS Tells The PC What To Do With Itself" - Me, 1990
---
Visit Our MIDI & Digital Audio Website at http://hale.dyndns.org 

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:redhat-list-admin@;redhat.com]
On Behalf Of Michael H. Warfield
Sent: Friday, November 01, 2002 10:49 PM
To: [EMAIL PROTECTED]
Subject: Re: Hacking attempts from Sweden.


On Fri, Nov 01, 2002 at 06:34:13PM -0600, Ed Wilts wrote:
> On Sat, Nov 02, 2002 at 12:01:54AM +0100, linux power wrote:

> > If you have a firewall remember to close the netbios ports 137-139 .

> The default rule for any firewall should always be to block *everything*.
> Then open up only those ports that you absolutely need and then if you
> can, restrict them to certain source addresses.

> Many major ISPs here in the USA block 137-139 by default.  I couldn't 
> open it if I wanted to (and I certainly don't).

        I'm afraid they don't.  I'm afraid that even the ones that
DID after NIMDA and Code Red (a few of the broadband and DSL providers)
no longer are, for some DAMN reason.

        I run a "dark network".  A research network of over 25,000 IPv4
addresses which are nothing more than /dev/null sinks for packets. I'm
now seeing close to one MILLION packets a day for port 137/udp thanks to
Microsoft and Opaserv and related ilk.  Over half are from US sites...
I know of NO major US ISP which is systematically and uniformly blocking
those ports.  GOD!  I wish it were true.  We NEED to cut off ALL
Micro$oft protocols at the core routers.  That's ports 135-139 plus 445
udp and tcp and BOTH outbound and inbound - SRC and DST ports.  It ranks
right up there with anti spoofing rules which state that you do not
route in what you would not route out.  Ain't happening... Even though
the latter is even in an IETF best practices...  It just ain't
happening...  Sigh...

>         .../Ed

> --
> Ed Wilts, Mounds View, MN, USA
> mailto:ewilts@;ewilts.org
> Member #1, Red Hat Community Ambassador Program

        Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  [EMAIL PROTECTED]
  /\/\|=mhw=|\/\/       |  (678) 463-0932   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!



-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@;redhat.com?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list
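
The filtering described in the thread above (default deny, then ports 135-139 and 445 cut off for tcp and udp, inbound and outbound, by source and destination port), as an added example that is not part of the original messages. It prints iptables commands rather than applying them; the chain name MSBLOCK, the 192.0.2.0/24 admin network, the SSH allowance and the outbound ACCEPT are assumptions for illustration.

```shell
#!/bin/sh
# Added example: prints the iptables commands, it does not apply them.
# MSBLOCK, ADMIN_NET and the SSH allowance are assumptions for illustration.

MS_PORTS="135:139 445"      # the ports listed in the message
ADMIN_NET="192.0.2.0/24"    # constructed documentation range (RFC 5737)

emit_rules() {
    # Default deny: anything not explicitly accepted below is dropped.
    for chain in INPUT FORWARD OUTPUT; do
        echo "iptables -P $chain DROP"
    done

    # One chain holding the port blocks: tcp and udp, matched on source
    # port as well as destination port.
    echo "iptables -N MSBLOCK"
    for proto in tcp udp; do
        for ports in $MS_PORTS; do
            for match in --sport --dport; do
                echo "iptables -A MSBLOCK -p $proto $match $ports -j DROP"
            done
        done
    done

    # Inbound, outbound and routed traffic all pass through MSBLOCK first,
    # so no later ACCEPT (including ESTABLISHED) can let these ports through.
    for chain in INPUT OUTPUT FORWARD; do
        echo "iptables -A $chain -j MSBLOCK"
    done

    # Only now open what is needed, restricted by source address.
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A OUTPUT -o lo -j ACCEPT"
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A OUTPUT -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A INPUT -p tcp -s $ADMIN_NET --dport 22 -j ACCEPT"
}

emit_rules
```

Because the jump to MSBLOCK precedes every ACCEPT, the loopback rules do not exempt these ports either; review the printed rules before piping them to a shell on a host that needs local SMB.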
