Evening list,
I've been extra preoccupied for the last couple of months.
Today I took the time to look around and noticed a huge number of /var/log/samba
messages, all of the form:
[2003/12/15 21:51:00, 1] smbd/service.c:make_connection(766)
make_connections: refusing
Nick Croft wrote:
Any help on a rule here would be much appreciated.
you have samba listening on an internet interface?
turn that one off...
I think the directive is listen on, or bind to or something.
It's just not a great idea to have samba listening on an internet
interface if you can help it.
Just backing up what David said...
for example in /etc/samba/smb.conf
interfaces = 127.0.0.0/255.0.0.0 192.168.0.0/255.255.255.0
Also, block ports 137,138,139,445 udp tcp with the firewall. EG
iptables -A INPUT -i ppp0 -p udp --dport 137:139 -j DROP
iptables -A INPUT -i ppp0 -p udp --dport 445
Hi,
you should be firewalling ports 135-139 inclusive (not 137-139)
kind regards
Norman
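A check for the advice given so far, as an added example that is not part of the thread: it parses `ss -tuln` output and reports any listener on ports 135-139 or 445 bound outside the networks from the `interfaces` line quoted above. The sample output and the name `exposed_listeners` are constructed for illustration.

```python
import ipaddress

# Ports named in the thread: 135-139 and 445 (TCP and UDP).
SMB_PORTS = set(range(135, 140)) | {445}
# Networks from the smb.conf "interfaces" line quoted in the thread.
ALLOWED = [ipaddress.ip_network(n) for n in
           ("127.0.0.0/255.0.0.0", "192.168.0.0/255.255.255.0")]

# Constructed sample of `ss -tuln` output (not captured from a real host).
SAMPLE = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      192.168.0.1:137    0.0.0.0:*
udp   UNCONN 0      0      203.0.113.7:138    0.0.0.0:*
tcp   LISTEN 0      50     127.0.0.1:139      0.0.0.0:*
tcp   LISTEN 0      50     0.0.0.0:445        0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      50     [::]:445           [::]:*
"""

def exposed_listeners(ss_output):
    """Return (proto, address, port) for listeners on SMB_PORTS bound outside ALLOWED."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # header or unrelated line
        host, _, port = fields[4].rpartition(":")
        if not port.isdigit() or int(port) not in SMB_PORTS:
            continue
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface scope
        if host == "*":
            host = "0.0.0.0"
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            findings.append((fields[0], host, int(port)))  # unparseable: flag it
            continue
        # A wildcard bind (0.0.0.0 or ::) listens on every interface, ppp0 included.
        in_allowed = any(addr.version == net.version and addr in net
                         for net in ALLOWED)
        if addr.is_unspecified or not in_allowed:
            findings.append((fields[0], str(addr), int(port)))
    return findings

if __name__ == "__main__":
    for proto, addr, port in exposed_listeners(SAMPLE):
        print(f"{proto} {addr}:{port} is bound outside the allowed networks")
```

Samba keeps binding its TCP listeners to the wildcard address unless `bind interfaces only = yes` is set alongside `interfaces`, which is the case the `0.0.0.0:445` line in the sample represents.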
On Tue, 16 Dec 2003, Grant Parnell wrote:
Just backing up what David said...
for example in /etc/samba/smb.conf
interfaces = 127.0.0.0/255.0.0.0 192.168.0.0/255.255.255.0
Also, block ports
On Tue, 16 Dec 2003, Torquemada wrote:
Hi,
you should be firewalling ports 135-139 inclusive (not 137-139)
Hmm probably, they're not in my /etc/services file do you know what
they're for? (ie 135 136)
Naturally I block everything and log attempts unless the customer requests
* Grant Parnell ([EMAIL PROTECTED]) wrote:
Just backing up what David said...
Also, block ports 137,138,139,445 udp tcp with the firewall. EG
iptables -A INPUT -i ppp0 -p udp --dport 137:139 -j DROP
iptables -A INPUT -i ppp0 -p udp --dport 445 -j DROP
iptables -A INPUT -i ppp0 -p tcp
On Tue, Dec 16, 2003 at 09:26:47 +1100, Grant Parnell wrote:
Hmm probably, they're not in my /etc/services file do you know what
they're for? (ie 135 136)
Port 135 is Microsoft's DCE locator service, a service similar to the
Sun RPC portmapper. It was the target of one of the recent worms.
Howdy,
everything to do with windows, just feels better blocking 135:139 and 445
ms names it for remote-procedure: 135/TCP RPC *
http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/q179/4/42.aspNoWebContent=1
my /etc/services file names