From: Josh Paetzel
To: Rick Knebel, questions@FreeBSD.ORG
Subject: Re: firewall
Date: Tue, 27 Mar 2001 19:08:45 +0000

On Mon, 26 Mar 2001, Rick Knebel wrote:
> Hi,
> I have set up a simple firewall for my home network and it seems to
> be working fine.
>
> I do run samba to file share with the other computers on my network.
> I recently had my IP scanned for a security and it came back with the
> following info.
>
> 137  udp  netbios-ns  open or filtered
> Windows 9x and Windows NT use this port to locate other
> systems on the network with NetBIOS name lookups. Windows NT may also
> use this port for a logon sequence, and other login security related
> processes. Leaving this port open may allow an intruder to find an
> entire list of computers in your workgroup.
>
> 138  udp  netbios-dgm  open or filtered
> Windows 9x and Windows NT uses this port to locate other
> systems on the network and allow users to browse folders and printers
> on this computer. Windows may also use this port for NetLogin
> sequences and NT Directory replication. Leaving this port open may
> allow an intruder to find an entire list of computers in your
> workgroup.
>
> These two ports 137 and 138. Can they be blocked and still be able to
> run samba?
>

Yes. Block them with the firewall to the internet. There is no reason to
allow packets from these services out to or in from the internet.

Josh

> Thanks
> Rick
> --
> Rick Knebel
> rknebel@uplink.net
> http://members.tripod.com/~Rick_Knebel/
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
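
The blocking described in the reply above, as an added example that is not part of the original thread. It assumes the firewall is ipfw and that the Internet-facing interface is ed0; the interface name, the rule numbers and the function names are all assumptions.

```sh
#!/bin/sh
# Added example (not from the thread). Assumptions: the firewall is ipfw,
# the Internet-facing interface is ed0, rule numbers start at 200.
# ipfw is first-match, so these numbers must sort below any rule that
# passes traffic on that interface. LAN-side Samba traffic is untouched.

# Print ipfw commands that drop NetBIOS name (137/udp) and datagram
# (138/udp) packets in both directions on external interface $1.
# $2 is the first rule number (default 200).
netbios_block_rules() {
    ext_if="$1"
    n="${2:-200}"
    # Reject anything that is not a plain interface name or number, so
    # the generated text is safe to execute.
    case "$ext_if" in ''|*[!A-Za-z0-9_]*) echo "bad interface" >&2; return 1;; esac
    case "$n" in ''|*[!0-9]*) echo "bad rule number" >&2; return 1;; esac
    for dir in in out; do
        # Match on destination port, then on source port.
        echo "ipfw add $n deny udp from any to any 137-138 $dir via $ext_if"
        n=$((n + 10))
        echo "ipfw add $n deny udp from any 137-138 to any $dir via $ext_if"
        n=$((n + 10))
    done
}

# Dry run by default; set APPLY=1 (as root) to install the rules.
apply_netbios_block() {
    rules=$(netbios_block_rules "$@") || return 1
    printf '%s\n' "$rules" | while read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then
            $cmd
        else
            echo "would run: $cmd"
        fi
    done
}

# Run only when an interface is given on the command line.
if [ $# -gt 0 ]; then
    apply_netbios_block "$@"
fi
```

Running the script with `ed0` as its argument prints the four commands without touching the ruleset; `ipfw list` afterwards shows whether an applied rule landed ahead of the allow rules.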