[ale] Firewalling question

Michael A. Smith masmith at bsat.com
Thu May 6 10:07:50 EDT 1999


You aren't using the -l (that's an l as in Linda) option in your ipfwadm
rule as I know this will log all attempts on this rule to your log file.

> -----Original Message-----
> From: owner-ale at ale.org [mailto:owner-ale at ale.org]On Behalf Of
> Christopher R. McNabb
> Sent: Thursday, May 06, 1999 9:49 AM
> Cc: '"ALE List"'
> Subject: Re: [ale] Firewalling question
>
>
> The strange thing is, I shut down Samba, and it still was happening.  And
> it's almost once a second or more.  Of course Cablevision said it was random
> packets, or noise.  I don't believe it, but who the heck knows.  Everything
> else works, just constant ethernet activity, the Ethernet TD light on the
> cable modem was still flashing even when I halted the system too.
>
> Chris
>
>
> ----- Original Message -----
> From: <jeff_hubbs at mcgraw-hill.com>
> To: <masmith at bsat.com>
> Cc: 'Christopher R. McNabb' <ilive at mindspring.com>; 'Gary Maltzen'
> <maltzen at mm.com>; '"ALE List"' <ale at ale.org>
> Sent: Thursday, May 06, 1999 9:39 AM
> Subject: RE: [ale] Firewalling question
>
>
> > I would hope that there would be a way to keep his machine(s) from showing up in
> > Network Neighborhood on other machines in the first place; I figure his stuff
> > would be harder to hack if you didn't know what the machines' names were.
> >
> > - Jeff
> >
> >
> >
> >
> >
> >
> > "Michael A. Smith" <masmith at bsat.com> on 05/06/99 09:09:45 AM
> >
> > Please respond to masmith at bsat.com
> >
> > To:   "'Christopher R. McNabb'" <ilive at mindspring.com>, "'Gary Maltzen'"
> >       <maltzen at mm.com>
> > cc:   "'\"ALE List\"'" <ale at ale.org> (bcc: Jeff Hubbs/Tower)
> >
> > Subject:  RE: [ale] Firewalling question
> >
> >
> >
> >
> > I think that the udp ports listed are NETBIOS related leading me to believe
> > that someone may be trying to connect to your machine possibly using Samba or
> > clicking on your machine in Network Neighborhood on a Windows machine.  The
> > one thing good is that they are being denied thus your rule appears to be
> > working...
> >
> > > -----Original Message-----
> > > From: owner-ale at ale.org [mailto:owner-ale at ale.org]On Behalf Of
> > > Christopher R. McNabb
> > > Sent: Thursday, May 06, 1999 8:20 AM
> > > To: Gary Maltzen
> > > Cc: "ALE List"
> > > Subject: Re: [ale] Firewalling question
> > >
> > >
> > > That might be the case. Yes it is a cable modem, and lo and behold the
> > > techsupport at Cablevision knows NOTHING!  Mention Linux and they tried to
> > > get me off the phone saying unsupported. Bah!  Ah well, it's getting denied,
> > > so I guess I'll just ignore it.
> > >
> > > Christopher R. McNabb
> > > MindSpring Technical Support
> > > ____________________________________________
> > >
> > > http://www.mindspring.net
> > > http://help.mindspring.com
> > > http://www.mindspring.net/~web
> > > support at mindspring.com         800.719.4664
> > > crmcnabb at mindspring.net
> > > ____________________________________________
> > >
> > > *NOTE* ALL Requests for Technical Support
> > > will be redirected to support at mindspring.com
> > > ____________________________________________
> > >
> > >
> > >
> > > ----- Original Message -----
> > > From: Gary Maltzen <maltzen at mm.com>
> > > To: Christopher R. McNabb <ilive at mindspring.com>
> > > Cc: "ALE List" <ale at ale.org>
> > > Sent: Wednesday, May 05, 1999 5:08 PM
> > > Subject: Re: [ale] Firewalling question
> > >
> > >
> > > > Ports 137/138/139 are NetBIOS/SMB/Samba network requests.
> > > >
> > > > First guess: you've got a DSL or cable connection to the Internet, shared by
> > > > other users who have chosen 192.168.1 for their private intranet as well -
> > > > but they may not have firewalled their systems...
> > > >
> > > > -----Original Message-----
> > > > From: Christopher R. McNabb <ilive at mindspring.com>
> > > >
> > > >
> > > > I'm using SuSE 5.3 and have set up Firewalling and Masquerading.  All seems
> > > > to work fine, but I'm seeing strange entries in my logs.
> > > >
> > > > May  2 09:19:37 gateway kernel: IP fw-in deny eth0 UDP 192.168.1.2:137 192.168.1.255:137 L=78 S=0x00 I=11008 F=0x0000 T=32
> > > > May  2 09:19:37 gateway kernel: IP fw-in deny eth0 UDP 192.168.1.2:138 192.168.1.255:138 L=217 S=0x00 I=12032 F=0x0000 T=32
> > > > May  2 09:19:38 gateway kernel: IP fw-in deny eth0 UDP 192.168.1.2:138 192.168.1.255:138 L=217 S=0x00 I=13056 F=0x0000 T=32
> > > > May  2 09:19:39 gateway kernel: IP fw-in deny eth0 UDP 192.168.1.2:138 192.168.1.255:138 L=244 S=0x00 I=13312 F=0x0000 T=32
> > > > May  2 09:19:39 gateway kernel: IP fw-in deny eth0 UDP 192.168.1.2:138 192.168.1.255:138 L=217 S=0x00 I=14080 F=0x0000 T=32
> > > > May  2 09:19:40 gateway kernel: IP fw-in deny eth0 UDP 192.168.1.2:138 192.168.1.255:138 L=217 S=0x00 I=15104 F=0x0000 T=32
> > > >
> > > >
> > > > This IP 192.168.1.2 does not exist on my network.  I also see other entries
> > > > with other IP addresses.  This has started since I set the machine up, so I
> > > > figure it is just a config setting somewhere.  Can anyone help me out here?
> > > > Port numbers are almost always 137 or 138, and occasionally 513.  Always
> > > > UDP.
> > > >
> > > >
> > > >
> > >
> > >
> >
> >
> >
> >
> >
> >
> >
>
>
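
Added example (not part of the original thread or any poster's code): a small parser for the ipfwadm kernel log lines quoted above that counts denied packets per source and destination port and marks sources missing from a list of known hosts. The known_hosts inventory, the service-name table and the last two sample lines are assumptions made for illustration.

```python
import re
from collections import Counter

# First three records are taken from the post; the last two are constructed.
SAMPLE_LOG = """\
May  2 09:19:37 gateway kernel: IP fw-in deny eth0 UDP 192.168.1.2:137 192.168.1.255:137 L=78 S=0x00 I=11008 F=0x0000 T=32
May  2 09:19:37 gateway kernel: IP fw-in deny eth0 UDP 192.168.1.2:138 192.168.1.255:138 L=217 S=0x00 I=12032 F=0x0000 T=32
May  2 09:19:38 gateway kernel: IP fw-in deny eth0 UDP 192.168.1.2:138 192.168.1.255:138 L=217 S=0x00 I=13056 F=0x0000 T=32
May  2 09:19:41 gateway kernel: IP fw-in deny eth0 UDP 192.168.1.7:513 192.168.1.255:513 L=112 S=0x00 I=2201 F=0x0000 T=64
May  2 09:19:42 gateway sshd[311]: unrelated line that must be skipped
"""

# Fields after the addresses: L=IP total length, S=TOS, I=IP id, F=fragment field, T=TTL.
LINE_RE = re.compile(
    r"kernel: IP (?P<chain>fw-\S+) (?P<action>\w+) (?P<iface>\S+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ip_id>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)"
)

# UDP services for the ports named in the thread.
SERVICES = {137: "netbios-ns", 138: "netbios-dgm", 139: "netbios-ssn", 513: "who"}

def parse(log_text):
    """Return one dict per firewall log record; non-matching lines are ignored."""
    records = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            rec = m.groupdict()
            for key in ("sport", "dport", "length", "ip_id", "ttl"):
                rec[key] = int(rec[key])
            records.append(rec)
    return records

def summarize(records, known_hosts):
    """Count denied packets per (source, port) and mark sources not in known_hosts."""
    counts = Counter((r["src"], r["dport"]) for r in records if r["action"] == "deny")
    return [
        {"src": src, "port": port, "service": SERVICES.get(port, "unknown"),
         "packets": n, "unknown_source": src not in known_hosts}
        for (src, port), n in sorted(counts.items())
    ]

if __name__ == "__main__":
    # known_hosts is a hypothetical inventory of addresses actually assigned on the LAN.
    for row in summarize(parse(SAMPLE_LOG), known_hosts={"192.168.1.1"}):
        print(row)
```

Each log record has to be on a single line, as the kernel writes it; the mail-wrapped form in the thread would need rejoining first.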





