> -----Original Message-----
> From: linux power [mailto:linuxpower2002@;yahoo.no] 
> Sent: Sunday, 3 November 2002 05:51
> To: redhat mail list
> Subject: Masquerade hacking problem.
> 
> 
> It seems that masquerade uses the netbios-ns port to broadcast to 
> the whole world that it's seeking a vacant IP address. That is 
> a major firewall problem on my computer because I can't close 
> the netbios ports, and it results in hacking attempts all the time.
> 
> Nobody told me that when they recommended masquerade.
> 

In case the other messages did not sink in...

1. There is no reason I can think of why you can't close those ports. In
fact there is no good reason why they should be open at all. If you really
DO require netbios traffic externally then use a VPN.

2. Masquerade does not "use" netbios-ns. Maybe your policy allows it
through. In which case your rules are wrong. The netbios-ns is either being
forwarded from a local ms-windows box (you should not be allowing this) or
else you have samba on your firewall configured wrongly. It should only be
allowed on your local network (set in smb.conf).

3. Masquerade cannot even handle netbios over tcp/ip. It is one of those
nasty packet formats that require helper routines to mangle the header. As
far as I know it has never been done for Linux. Certainly not for
ipchains/masq.

4. Perhaps you are using a trivial firewall ruleset, which might be OK for
testing things out, but not for full-time use. As others have said already,
block everything and then only allow what is necessary.

5. BTW, the netbios broadcast is for a name in a workgroup, not an IP
number.

Cameron.
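
A ruleset along the lines of points 2 and 4 above, added here as an example and not part of Cameron's message or the original poster's configuration. The interface names, the LAN range and the `fw`/`build_ruleset` helpers are assumptions, and it assumes the firewall box needs no inbound services or UDP of its own.

```shell
#!/bin/sh
# Assumed layout (not from the thread): eth0 faces the Internet, eth1 the LAN.
EXT_IF="${EXT_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"

# Dry run by default: print each rule for review. APPLY=1 (as root) loads it.
fw() {
    if [ "${APPLY:-0}" = 1 ]; then ipchains "$@"; else echo "ipchains $*"; fi
}

build_ruleset() {
    # Block everything first; later rules allow only what is necessary.
    fw -F input
    fw -F forward
    fw -P input DENY
    fw -P forward DENY

    # NetBIOS (137-139) is dropped and logged (-l) in both directions on the
    # outside interface. In the forward chain, -i names the outgoing interface.
    for proto in udp tcp; do
        fw -A input -i "$EXT_IF" -p "$proto" -d 0.0.0.0/0 137:139 -l -j DENY
        fw -A forward -i "$EXT_IF" -p "$proto" -d 0.0.0.0/0 137:139 -l -j DENY
    done

    # Loopback and LAN hosts may reach the firewall itself.
    fw -A input -i lo -j ACCEPT
    fw -A input -i "$LAN_IF" -s "$LAN_NET" -j ACCEPT

    # Replies only from outside: non-SYN TCP, and UDP to the masq port range.
    fw -A input -i "$EXT_IF" -p tcp ! -y -j ACCEPT
    fw -A input -i "$EXT_IF" -p udp -d 0.0.0.0/0 61000:65095 -j ACCEPT

    # Masquerade LAN traffic leaving via the outside interface.
    fw -A forward -i "$EXT_IF" -s "$LAN_NET" -j MASQ
}

build_ruleset
```

On the Samba side, the smb.conf setting point 2 refers to is `interfaces` together with `bind interfaces only = yes`, listing only the LAN interface and loopback.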


