[luau] MonMotha Firewall question
Jaymes Schooler
jimsch at ichgroup.com
Mon Aug 18 07:31:00 PDT 2003
Here ya go...works for me.
Port 135 is RPC (remote procedure call) related. Used extensively with
Active Directory and other useless parts of Windows.
Try this in IP Chains
-A input -p tcp -s 0/0 -d 0/0 135 -y -j DENY
this will drop all packets destined to or from a source port 135
Restart ipchains and you're off and running.
-----Original Message-----
From: luau-admin at videl.ics.hawaii.edu
[mailto:luau-admin at videl.ics.hawaii.edu]On Behalf Of MonMotha
Sent: Sunday, August 17, 2003 10:18 AM
To: luau at videl.ics.hawaii.edu
Subject: Re: [luau] MonMotha Firewall question
Ben Beeson wrote:
> Aloha,
>
> I am currently running -pre9 on a single machine that I am using as my sole
> connection to the internet. (I used to run behind a router + firewall, but
> that got packed up and moved to California recently.) Anyway, I am now
> seeing a bunch of entries in my console logs related to port 135 scans.
> (Blaster worm???) My /etc/services doesn't list port 135, so I went googling
> and discovered that port 135 appears to be active directory related. I don't
> think I need that for my Linux box.... Is there an easy way to just drop
> those port 135 packets dead on the floor and forget about them? Is this a
> good idea? Any ideas would be greatly appreciated.
>
> Mahalos,
>
> Ben
See the BLACKHOLE option, then set the policy on it to "DROP".
--MonMotha
_______________________________________________
LUAU mailing list
LUAU at videl.ics.hawaii.edu
http://videl.ics.hawaii.edu/mailman/listinfo/luau