[CS-FSLUG] Net-bios/file-sharing "attack"
Tim Young
Tim.Young at LightSys.org
Wed Oct 12 08:43:41 CDT 2005
Hi Ed,
There are a number of things you can do to get rid of those. One, of
course, is to install a personal firewall on the xp box and block all
outgoing port 137 and 138 traffic. ;) Of course, you will live with the
consequences.
Port 137 is the netbios name service. It is used as a fall-back
mechanism if the xp box cannot resolve the name through DNS. Win9x and
winNT computers used this first, and DNS was used as a fall-back. The
order was reversed for 2000 and XP. One way to solve this issue is to
have dynamic DNS turned on on whatever you use to serve DHCP. Most
likely, you are using your DHCP provided by your DLS router, which
usually does not do DDNS. You could disable DHCP on the router and serve
it from your Linux box.
Port 138 is the netbios datagram service. It is used when building the
network neighborhood. Samba, if configured as a "browse master" will
also generate traffic on this port. By disabling this, you would
basically no longer be able to browse the network neighborhood. You
would be able to have a shortcut that would take you directly to a
computer, but you would not be able to see a list of all computers on
the net. There have been options to disallow the computer from
broadcasting it's existance oto the whole network, but that seems to
come and go on various versions and patch-levels.
- Tim Young
Ed Hurst wrote:
>DSL is mucho fast, but all is not paradise. My wife's XP box is pinging
>away on my firewall at ports 136-138. It's not a threat, but it piles up
>fat logs. Anyone know how we can tell her XP box to quit?
>
>
>
More information about the Christiansource
mailing list