[ale] Firewalling question

jeff_hubbs at mcgraw-hill.com jeff_hubbs at mcgraw-hill.com
Thu May 6 09:39:11 EDT 1999


I would hope that there would be a way to keep his machine(s) from showing up in
Network Neighborhood on other machines in the first place; I figure his stuff
would be harder to hack if you didn't know what the machines' names were.

- Jeff






"Michael A. Smith" <masmith at bsat.com> on 05/06/99 09:09:45 AM

Please respond to masmith at bsat.com

To:   "'Christopher R. McNabb'" <ilive at mindspring.com>, "'Gary Maltzen'"
      <maltzen at mm.com>
cc:   "'\"ALE List\"'" <ale at ale.org> (bcc: Jeff Hubbs/Tower)

Subject:  RE: [ale] Firewalling question




I think that the UDP ports listed are NETBIOS related, leading me to believe
that someone may be trying to connect to your machine, possibly using Samba or
clicking on your machine in Network Neighborhood on a Windows machine.  The
one thing good is that they are being denied, thus your rule appears to be
working...

> -----Original Message-----
> From: owner-ale at ale.org [mailto:owner-ale at ale.org]On Behalf Of
> Christopher R. McNabb
> Sent: Thursday, May 06, 1999 8:20 AM
> To: Gary Maltzen
> Cc: "ALE List"
> Subject: Re: [ale] Firewalling question
>
>
> That might be the case. Yes, it is a cable modem, and lo and behold the
> tech support at Cablevision knows NOTHING!  Mention Linux and they tried to
> get me off the phone saying unsupported. Bah!  Ah well, it's getting denied,
> so I guess I'll just ignore it.
>
> Christopher R. McNabb
> MindSpring Technical Support
> ____________________________________________
>
> http://www.mindspring.net
> http://help.mindspring.com
> http://www.mindspring.net/~web
> support at mindspring.com         800.719.4664
> crmcnabb at mindspring.net
> ____________________________________________
>
> *NOTE* ALL Requests for Technical Support
> will be redirected to support at mindspring.com
> ____________________________________________
>
>
>
> ----- Original Message -----
> From: Gary Maltzen <maltzen at mm.com>
> To: Christopher R. McNabb <ilive at mindspring.com>
> Cc: "ALE List" <ale at ale.org>
> Sent: Wednesday, May 05, 1999 5:08 PM
> Subject: Re: [ale] Firewalling question
>
>
> > Ports 137/138/139 are NetBIOS/SMB/Samba network requests.
> >
> > First guess: you've got a DSL or cable connection to the Internet, shared by
> > other users who have chosen 192.168.1 for their private intranet as well -
> > but they may not have firewalled their systems...
> >
> > -----Original Message-----
> > From: Christopher R. McNabb <ilive at mindspring.com>
> >
> >
> > I'm using SuSE 5.3 and have set up Firewalling and Masquerading.  All seems
> > to work fine, but I'm seeing strange entries in my logs.
> >
> > May  2 09:19:37 gateway kernel: IP fw-in deny eth0 UDP 192.168.1.2:137 192.168.1.255:137 L=78 S=0x00 I=11008 F=0x0000 T=32
> > May  2 09:19:37 gateway kernel: IP fw-in deny eth0 UDP 192.168.1.2:138 192.168.1.255:138 L=217 S=0x00 I=12032 F=0x0000 T=32
> > May  2 09:19:38 gateway kernel: IP fw-in deny eth0 UDP 192.168.1.2:138 192.168.1.255:138 L=217 S=0x00 I=13056 F=0x0000 T=32
> > May  2 09:19:39 gateway kernel: IP fw-in deny eth0 UDP 192.168.1.2:138 192.168.1.255:138 L=244 S=0x00 I=13312 F=0x0000 T=32
> > May  2 09:19:39 gateway kernel: IP fw-in deny eth0 UDP 192.168.1.2:138 192.168.1.255:138 L=217 S=0x00 I=14080 F=0x0000 T=32
> > May  2 09:19:40 gateway kernel: IP fw-in deny eth0 UDP 192.168.1.2:138 192.168.1.255:138 L=217 S=0x00 I=15104 F=0x0000 T=32
> >
> >
> > This IP 192.168.1.2 does not exist on my network.  I also see other entries
> > with other IP addresses.  This has started since I set the machine up, so I
> > figure it is just a config setting somewhere.  Can anyone help me out here?
> > Port numbers are almost always 137 or 138, and occasionally 513.  Always
> > UDP.
> >
> >
> >
>
>
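
Added example, not part of the original thread: a small Python parser for kernel firewall log lines in the format quoted above. It tallies denied packets per source and service and lists private-range source addresses seen on the outside interface. It assumes eth0 is the cable-modem side; the function names and the fourth sample line are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# First three lines are copied from the thread; the fourth is constructed.
SAMPLE_LOG = """\
May  2 09:19:37 gateway kernel: IP fw-in deny eth0 UDP 192.168.1.2:137 192.168.1.255:137 L=78 S=0x00 I=11008 F=0x0000 T=32
May  2 09:19:37 gateway kernel: IP fw-in deny eth0 UDP 192.168.1.2:138 192.168.1.255:138 L=217 S=0x00 I=12032 F=0x0000 T=32
May  2 09:19:38 gateway kernel: IP fw-in deny eth0 UDP 192.168.1.2:138 192.168.1.255:138 L=217 S=0x00 I=13056 F=0x0000 T=32
May  2 09:20:01 gateway kernel: IP fw-in deny eth0 UDP 192.168.1.7:513 192.168.1.255:513 L=112 S=0x00 I=2048 F=0x0000 T=64
"""

# Layout taken from the quoted entries: chain, action, interface, protocol,
# source ip:port, destination ip:port, then the L= S= I= F= T= fields.
LINE_RE = re.compile(
    r"IP (?P<chain>fw-\S+) (?P<action>\w+) (?P<iface>\S+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=\d+ S=\S+ I=\d+ F=\S+ T=\d+"
)
SERVICES = {137: "netbios-ns", 138: "netbios-dgm", 139: "netbios-ssn", 513: "who"}


def parse(log_text):
    """Yield one dict per matching firewall log line; other lines are skipped."""
    for line in log_text.splitlines():
        match = LINE_RE.search(line)
        if match:
            yield match.groupdict()


def summarize(log_text, outside_iface="eth0"):
    """Return (Counter of denied packets per (source, service),
    set of private-range sources seen on the outside interface)."""
    counts, private_outside = Counter(), set()
    for rec in parse(log_text):
        if rec["action"] != "deny":
            continue
        port = int(rec["dport"])
        counts[(rec["src"], SERVICES.get(port, str(port)))] += 1
        # Assumption: outside_iface faces the shared cable segment.
        if rec["iface"] == outside_iface and ipaddress.ip_address(rec["src"]).is_private:
            private_outside.add(rec["src"])
    return counts, private_outside


if __name__ == "__main__":
    counts, private_outside = summarize(SAMPLE_LOG)
    for (src, service), n in counts.most_common():
        print(f"{src:15} {service:12} {n}")
    print("private sources on outside interface:", sorted(private_outside))
```
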





