[ale] Firewalling question

Christopher R. McNabb ilive at mindspring.com
Thu May 6 09:48:44 EDT 1999 

The strange thing is, I shutdown Samba, and it still was happening.  And
it's almost once a second or more.  Of course cablevision said it was random
packets, or noise.  I dont believe it, but who the heck knows.  Everything
else works, just constant ethernet activity, the Ethernet TD light on the
cable modem was still flashing even when I halted the system too.

Chris


----- Original Message -----
 From: <jeff_hubbs at mcgraw-hill.com>
To: <masmith at bsat.com>
Cc: 'Christopher R. McNabb' <ilive at mindspring.com>; 'Gary Maltzen'
<maltzen at mm.com>; '"ALE List"' <ale at ale.org>
Sent: Thursday, May 06, 1999 9:39 AM
Subject: RE: [ale] Firewalling question


> I would hope that there would be a way to keep his machine(s) from showing
up in
> Network Neighborhood on other machines in the first place; I figure his
stuff
> would be harder to hack if you didn't know what the machines' names were.
>
> - Jeff
>
>
>
>
>
>
> "Michael A. Smith" <masmith at bsat.com> on 05/06/99 09:09:45 AM
>
> Please respond to masmith at bsat.com
>
> To:   "'Christopher R. McNabb'" <ilive at mindspring.com>, "'Gary Maltzen'"
>       <maltzen at mm.com>
> cc:   "'\"ALE List\"'" <ale at ale.org> (bcc: Jeff Hubbs/Tower)
>
> Subject:  RE: [ale] Firewalling question
>
>
>
>
> I think that the udp ports listed are NETBIOS related leading me to
believe
> that someone maybe trying to connect to your machine possibly using Samba
or
> clicking on your machine in Network Neighborhood on a windows machine.
The
> one thing good is that they are being denied thus your rule appears to be
> working...
>
> > -----Original Message-----
> > From: owner-ale at ale.org [mailto:owner-ale at ale.org]On Behalf Of
> > Christopher R. McNabb
> > Sent: Thursday, May 06, 1999 8:20 AM
> > To: Gary Maltzen
> > Cc: "ALE List"
> > Subject: Re: [ale] Firewalling question
> >
> >
> > That might be the case, Yes it is a cable modem, and lo and behold the
> > techsupport at Cablevision knows NOTHING!  Mention Linux and
> > they tried to
> > get me off the phone saying unsupported. Bah!  Ah well, it's
> > getting denied,
> > so I guess I'll just ignore it.
> >
> > Christopher R. McNabb
> > MindSpring Technical Support
> > ____________________________________________
> >
> > http://www.mindspring.net
> > http://help.mindspring.com
> > http://www.mindspring.net/~web
> > support at mindspring.com         800.719.4664
> > crmcnabb at mindspring.net
> > ____________________________________________
> >
> > *NOTE* ALL Requests for Technical Support
> > will be redirected to support at mindspring.com
> > ____________________________________________
> >
> >
> >
> > ----- Original Message -----
> > From: Gary Maltzen <maltzen at mm.com>
> > To: Christopher R. McNabb <ilive at mindspring.com>
> > Cc: "ALE List" <ale at ale.org>
> > Sent: Wednesday, May 05, 1999 5:08 PM
> > Subject: Re: [ale] Firewalling question
> >
> >
> > > Ports 137/138/139 are NetBIOS/SMB/Samba network requests.
> > >
> > > First guess: you've got a DSL or cable connection to the
> > Internet, shared
> > by
> > > other users who have chosen 192.168.1 for their private
> > intranet as well -
> > > but they may not have firewalled their systems...
> > >
> > > -----Original Message-----
> > > From: Christopher R. McNabb <ilive at mindspring.com>
> > >
> > >
> > > I'm using SuSE 5.3 and have setup Firewalling and
> > Masquerading.  All seems
> > > to work fine, but I'm seeing strange entries in my logs.
> > >
> > > May  2 09:19:37 gateway kernel: IP fw-in deny eth0 UDP
> > 192.168.1.2:137
> > > 192.168.1.255:137 L=78 S=0x00 I=11008 F=0x0000 T=32
> > > May  2 09:19:37 gateway kernel: IP fw-in deny eth0 UDP
> > 192.168.1.2:138
> > > 192.168.1.255:138 L=217 S=0x00 I=12032 F=0x0000 T=32
> > > May  2 09:19:38 gateway kernel: IP fw-in deny eth0 UDP
> > 192.168.1.2:138
> > > 192.168.1.255:138 L=217 S=0x00 I=13056 F=0x0000 T=32
> > > May  2 09:19:39 gateway kernel: IP fw-in deny eth0 UDP
> > 192.168.1.2:138
> > > 192.168.1.255:138 L=244 S=0x00 I=13312 F=0x0000 T=32
> > > May  2 09:19:39 gateway kernel: IP fw-in deny eth0 UDP
> > 192.168.1.2:138
> > > 192.168.1.255:138 L=217 S=0x00 I=14080 F=0x0000 T=32
> > > May  2 09:19:40 gateway kernel: IP fw-in deny eth0 UDP
> > 192.168.1.2:138
> > > 192.168.1.255:138 L=217 S=0x00 I=15104 F=0x0000 T=32
> > >
> > >
> > > This IP 192.168.1.2 does not exist on my network.  I also see other
> > entries
> > > with other IP addresses.  This has started since I set the
> > machine up, so
> > I
> > > figure it is just a config setting somewhere.  Can anyone
> > help me out
> > here?
> > > port numbers are almost always 137 or 138, and occasionally
> > 513.  Always
> > > UDP.
> > >
> > >
> > >
> >
> >
>
>
>
>
>
>
>

More information about the Ale mailing list