Date: Wed, 10 Nov 1999 12:10:29 +0300 From: Vladimir Dubrovin <vlad@sandy.ru> To: Giorgos Keramidas <keramida@ceid.upatras.gr> Cc: freebsd-security@freebsd.org Subject: Re[2]: Port 137 hitting my server Message-ID: <13507.991110@sandy.ru> In-Reply-To: <86u2mvgrll.fsf@localhost.hell.gr> References: <86u2mvgrll.fsf@localhost.hell.gr>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello Giorgos Keramidas, 10.11.99 2:41, you wrote: Port 137 hitting my server; G> Larry Sica <larry@interactivate.com> writes: >> actually the only thing i'd want to do is get rid of the annoying log >> messages. How could i tell syslog not to log that particular things (this >> is veering offt opic now i think) G> I am assuming that you're using ipfw here, and that you have a rule G> looking something like: G> 0600 deny log from any to any 137 via if0 If you're so scared about UDP 137 use something like 0600 unreach port udp from any 137 to any 137 ... 0610 deny log udp from any to any 137 ... It's better use unreach instead of deny since some servers (not all) will wait for name resolution before sending data and "deny" will slow down you browsing, because server will wait until timeout. NetBIOS always uses 137 as both source and destination ports, if source port is different from 137 then someone is trying to fingertip your network. G> or close to this. Remove the 'log' keyword and you're done with G> logging of these packets. +=-=-=-=-=-=-=-=-=+ |Vladimir Dubrovin| | Sandy Info, ISP | +=-=-=-=-=-=-=-=-=+ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?13507.991110>