Howdy,

everything to do with Windows, just feels better blocking 135:139 and 445

MS names it for remote-procedure: 135/TCP       RPC *

http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/q179/4/42.asp&NoWebContent=1

my /etc/services file names them:

loc-srv         135/tcp    epmap        #Location Service
loc-srv         135/udp    epmap        #Location Service

IANA names them ditto:

epmap           135/tcp    DCE endpoint resolution
epmap           135/udp    DCE endpoint resolution
profile         136/tcp    PROFILE Naming System
profile         136/udp    PROFILE Naming System

http://www.iana.org/assignments/port-numbers

smbd/nmbd shouldn't? be listening on all ports on a Linux server,
but it doesn't hurt to block everything to do with Windows
inwards/outwards at the firewall :)

nmap reports:

PORT    STATE  SERVICE
137/udp open   netbios-ns
138/udp open   netbios-dgm
139/tcp open   netbios-ssn


kind regards,
Norman

On Tue, 16 Dec 2003, Grant Parnell wrote:

> On Tue, 16 Dec 2003, Torquemada wrote:
>
> >
> > Hi,
> >
> > you should be firewalling ports 135-139 inclusive (not 137-139)
> >
>
> Hmm probably, they're not in my /etc/services file do you know what
> they're for? (ie 135 & 136)
>
> Naturally I block everything and log attempts unless the customer requests
> otherwise, I tend to add specific rules for the CIFS ports (and some
> others) just to keep the noise in the logs down.

-- 
Epsilon-6!                         Ph:+612 8807-4780   Fax: +612 8807-4498
E-Solutions for BSD and Linux               http://www.paladincorp.com.au/
-- 
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
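
The approach discussed in this thread (drop 135:139 and 445 in both directions, without logging, ahead of a catch-all log-and-drop), as an added example that is not from either poster. The chain list, the log prefix and the shape of the catch-all are assumptions; the script only prints rules for review and applies nothing.

```shell
#!/bin/sh
# Added example: print iptables rules that silently drop the Windows
# RPC/NetBIOS/CIFS ports named in the thread (135-139 and 445).
# Nothing is applied here; review the output, then pipe it to sh as root.

WINDOWS_PORTS="135:139 445"      # port specs taken from the thread
CHAINS="INPUT OUTPUT FORWARD"    # assumption: host traffic both ways plus routed traffic

windows_port_rules() {
    for chain in $CHAINS; do
        for proto in tcp udp; do
            for ports in $WINDOWS_PORTS; do
                # Plain DROP with no LOG target keeps this noise out of the logs.
                echo "iptables -A $chain -p $proto --dport $ports -j DROP"
            done
        done
    done
}

# Assumption: the ruleset ends with a catch-all "log, then drop" pair.
# Because -A appends, the port rules must be loaded before these.
catch_all_rules() {
    for chain in INPUT FORWARD; do
        echo "iptables -A $chain -j LOG --log-prefix 'fw-drop: '"
        echo "iptables -A $chain -j DROP"
    done
}

windows_port_rules
catch_all_rules
```

On a real firewall the usual accept rules (loopback, established connections, permitted services) sit before the catch-all as well.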
