[ale] Firewalling question
Michael A. Smith
masmith at bsat.com
Thu May 6 10:05:31 EDT 1999
Cablevision actually does display machines in the "Network Neighborhood".
I don't know how they group machines into a network neighborhood because I
only have 10 but I know there are more than 10 people using Cablevisions
cable modems. Once you click on a machine, you won't see any drives or
shared files(at least in NT or using Samba in Linux). I would like to know
how they do this. It appears to be secure but who knows.......
> -----Original Message-----
> From: jeff_hubbs at mcgraw-hill.com [mailto:jeff_hubbs at mcgraw-hill.com]
> Sent: Thursday, May 06, 1999 9:39 AM
> To: masmith at bsat.com
> Cc: 'Christopher R. McNabb'; 'Gary Maltzen'; '"ALE List"'
> Subject: RE: [ale] Firewalling question
>
>
> I would hope that there would be a way to keep his machine(s)
> from showing up in
> Network Neighborhood on other machines in the first place; I
> figure his stuff
> would be harder to hack if you didn't know what the machines'
> names were.
>
> - Jeff
>
>
>
>
>
>
> "Michael A. Smith" <masmith at bsat.com> on 05/06/99 09:09:45 AM
>
> Please respond to masmith at bsat.com
>
> To: "'Christopher R. McNabb'" <ilive at mindspring.com>,
> "'Gary Maltzen'"
> <maltzen at mm.com>
> cc: "'\"ALE List\"'" <ale at ale.org> (bcc: Jeff Hubbs/Tower)
>
> Subject: RE: [ale] Firewalling question
>
>
>
>
> I think that the udp ports listed are NETBIOS related leading
> me to believe
> that someone maybe trying to connect to your machine possibly
> using Samba or
> clicking on your machine in Network Neighborhood on a windows
> machine. The
> one thing good is that they are being denied thus your rule
> appears to be
> working...
>
> > -----Original Message-----
> > From: owner-ale at ale.org [mailto:owner-ale at ale.org]On Behalf Of
> > Christopher R. McNabb
> > Sent: Thursday, May 06, 1999 8:20 AM
> > To: Gary Maltzen
> > Cc: "ALE List"
> > Subject: Re: [ale] Firewalling question
> >
> >
> > That might be the case, Yes it is a cable modem, and lo and
> behold the
> > techsupport at Cablevision knows NOTHING! Mention Linux and
> > they tried to
> > get me off the phone saying unsupported. Bah! Ah well, it's
> > getting denied,
> > so I guess I'll just ignore it.
> >
> > Christopher R. McNabb
> > MindSpring Technical Support
> > ____________________________________________
> >
> > http://www.mindspring.net
> > http://help.mindspring.com
> > http://www.mindspring.net/~web
> > support at mindspring.com 800.719.4664
> > crmcnabb at mindspring.net
> > ____________________________________________
> >
> > *NOTE* ALL Requests for Technical Support
> > will be redirected to support at mindspring.com
> > ____________________________________________
> >
> >
> >
> > ----- Original Message -----
> > From: Gary Maltzen <maltzen at mm.com>
> > To: Christopher R. McNabb <ilive at mindspring.com>
> > Cc: "ALE List" <ale at ale.org>
> > Sent: Wednesday, May 05, 1999 5:08 PM
> > Subject: Re: [ale] Firewalling question
> >
> >
> > > Ports 137/138/139 are NetBIOS/SMB/Samba network requests.
> > >
> > > First guess: you've got a DSL or cable connection to the
> > Internet, shared
> > by
> > > other users who have chosen 192.168.1 for their private
> > intranet as well -
> > > but they may not have firewalled their systems...
> > >
> > > -----Original Message-----
> > > From: Christopher R. McNabb <ilive at mindspring.com>
> > >
> > >
> > > I'm using SuSE 5.3 and have setup Firewalling and
> > Masquerading. All seems
> > > to work fine, but I'm seeing strange entries in my logs.
> > >
> > > May 2 09:19:37 gateway kernel: IP fw-in deny eth0 UDP
> > 192.168.1.2:137
> > > 192.168.1.255:137 L=78 S=0x00 I=11008 F=0x0000 T=32
> > > May 2 09:19:37 gateway kernel: IP fw-in deny eth0 UDP
> > 192.168.1.2:138
> > > 192.168.1.255:138 L=217 S=0x00 I=12032 F=0x0000 T=32
> > > May 2 09:19:38 gateway kernel: IP fw-in deny eth0 UDP
> > 192.168.1.2:138
> > > 192.168.1.255:138 L=217 S=0x00 I=13056 F=0x0000 T=32
> > > May 2 09:19:39 gateway kernel: IP fw-in deny eth0 UDP
> > 192.168.1.2:138
> > > 192.168.1.255:138 L=244 S=0x00 I=13312 F=0x0000 T=32
> > > May 2 09:19:39 gateway kernel: IP fw-in deny eth0 UDP
> > 192.168.1.2:138
> > > 192.168.1.255:138 L=217 S=0x00 I=14080 F=0x0000 T=32
> > > May 2 09:19:40 gateway kernel: IP fw-in deny eth0 UDP
> > 192.168.1.2:138
> > > 192.168.1.255:138 L=217 S=0x00 I=15104 F=0x0000 T=32
> > >
> > >
> > > This IP 192.168.1.2 does not exist on my network. I also
> see other
> > entries
> > > with other IP addresses. This has started since I set the
> > machine up, so
> > I
> > > figure it is just a config setting somewhere. Can anyone
> > help me out
> > here?
> > > port numbers are almost always 137 or 138, and occasionally
> > 513. Always
> > > UDP.
> > >
> > >
> > >
> >
> >
>
>
>
>
>
>
>
>
More information about the Ale
mailing list