[CS-FSLUG] Net-bios/file-sharing "attack"

Ed Hurst ehurst at asisaid.com
Wed Oct 12 09:51:21 CDT 2005


Frank Bax wrote:

>>DSL is mucho fast, but all is not paradise. My wife's XP box is pinging
>>away on my firewall at ports 136-138. It's not a threat, but it piles up
>>fat logs. Anyone know how we can tell her XP box to quit?
> 
> Are you sure it's not 137-139?  These are ports related to "Win98 network 
> neighborhood", "WinXP my neighbourhood places", or Linux Samba.

Correction: 137 & 138, along with some odd stuff regarding ports 67 &
68. After further examination, I realize what I'm seeing are broadcasts
from her machine to all points within our virtual LAN on SBC. Samples:

Oct 11 22:24:40 crunch kernel: ipfw: 900 Deny UDP 192.168.1.64:138 192.168.1.255:138 in via rl0
Oct 12 07:59:36 crunch kernel: ipfw: 900 Deny UDP 192.168.1.64:68 255.255.255.255:67 in via rl0

Parsing: "crunch" is my machine; "ipfw" is the firewall; "900" is the
rule number. Default rule is deny. Her machine IP is currently
192.168.1.64. I regard the 192.168.1.255 IP as a broadcast masq for our
"local" netblock, much as 255.255.255.255 is a much broader masq. Am I
wrong?

If not, I'm seeing the results of some settings that are somewhat
promiscuous, simply reflected on my firewall logs because mine is one IP
(192.168.1.65) targeted by those broadcasts.


-- 
Ed Hurst
-----------
Applied Bible -- http://ed.asisaid.com/bible/index.html
Plain & Simple Computer Help -- http://ed.asisaid.com/
Plain Package blog -- http://ed.asisaid.com/blog/
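
Added example, not part of the original post: a small parser for the ipfw log lines quoted above that labels each denied packet's destination as a directed broadcast, limited broadcast or unicast address, and names the service by destination port. The /24 netmask for 192.168.1.x and all function names are assumptions made for this example.

```python
import ipaddress
import re

# Assumption: the LAN is 192.168.1.0/24, so 192.168.1.255 is its directed broadcast.
LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")

# Well-known UDP ports that appear in the post's samples.
SERVICES = {67: "DHCP server", 68: "DHCP client",
            137: "NetBIOS name service", 138: "NetBIOS datagram service"}

# The two sample lines from the post, with the mail client's line wrap undone.
SAMPLE_LOG = """\
Oct 11 22:24:40 crunch kernel: ipfw: 900 Deny UDP 192.168.1.64:138 192.168.1.255:138 in via rl0
Oct 12 07:59:36 crunch kernel: ipfw: 900 Deny UDP 192.168.1.64:68 255.255.255.255:67 in via rl0
"""

LINE_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\S+)")

def classify_destination(dst, net=LOCAL_NET):
    """Say what kind of address a packet was sent to."""
    addr = ipaddress.ip_address(dst)
    if addr == ipaddress.ip_address("255.255.255.255"):
        return "limited broadcast"      # every host on the local segment
    if addr == net.broadcast_address:
        return "directed broadcast"     # every host in this subnet
    return "unicast"

def parse_line(line):
    """Return a dict for one ipfw log line, or None if it does not match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("rule", "sport", "dport"):
        rec[key] = int(rec[key])
    rec["dst_kind"] = classify_destination(rec["dst"])
    rec["service"] = SERVICES.get(rec["dport"], "unknown")
    return rec

def summarize(log_text):
    """Parse every matching line in a block of log text."""
    return [r for r in map(parse_line, log_text.splitlines()) if r]

if __name__ == "__main__":
    for r in summarize(SAMPLE_LOG):
        print(f"rule {r['rule']} {r['action']}: {r['src']} -> {r['dst']} "
              f"({r['dst_kind']}, {r['service']}) via {r['iface']}")
```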



