[CS-FSLUG] Net-bios/file-sharing "attack"

[Tim Young]

Hi Ed,
There are a number of things you can do to get rid of those. One, of 
course, is to install a personal firewall on the xp box and block all 
outgoing port 137 and 138 traffic. ;) Of course, you will live with the 
consequences.

Port 137 is the netbios name service. It is used as a fall-back 
mechanism if the xp box cannot resolve the name through DNS. Win9x and 
winNT computers used this first, and DNS was used as a fall-back. The 
order was reversed for 2000 and XP. One way to solve this issue is to 
have dynamic DNS turned on on whatever you use to serve DHCP. Most 
likely, you are using your DHCP provided by your DLS router, which 
usually does not do DDNS. You could disable DHCP on the router and serve 
it from your Linux box.

Port 138 is the netbios datagram service. It is used when building the 
network neighborhood. Samba, if configured as a "browse master" will 
also generate traffic on this port. By disabling this, you would 
basically no longer be able to browse the network neighborhood. You 
would be able to have a shortcut that would take you directly to a 
computer, but you would not be able to see a list of all computers on 
the net. There have been options to disallow the computer from 
broadcasting it's existance oto the whole network, but that seems to 
come and go on various versions and patch-levels.

- Tim Young

Ed Hurst wrote:

>DSL is mucho fast, but all is not paradise. My wife's XP box is pinging
>away on my firewall at ports 136-138. It's not a threat, but it piles up
>fat logs. Anyone know how we can tell her XP box to quit?
>
>  
>