[luau] MonMotha Firewall question

Jaymes Schooler jimsch at ichgroup.com
Mon Aug 18 07:31:00 PDT 2003


Here ya go...works for me.

port 135 is rpc (remote procedure call) related.  used extensively with
active directory and other useless parts of windows

Try this in IP Chains
-A input -s 0/0 -d 0/0 135 -p tcp -j -y DENY

this will drop all packets destined to or from a source port 135


restart ipchains and your off and running

-----Original Message-----
From: luau-admin at videl.ics.hawaii.edu
[mailto:luau-admin at videl.ics.hawaii.edu]On Behalf Of MonMotha
Sent: Sunday, August 17, 2003 10:18 AM
To: luau at videl.ics.hawaii.edu
Subject: Re: [luau] MonMotha Firewall question


Ben Beeson wrote:
> Aloha,
>
> 	I am currently running -pre9 on a single machine that I am using as my
sole
> connection to the internet. (I used to run behind a router + firewall, but
> that got packed up and moved to California recently.)  Anyway, I am now
> seeing a bunch of entries in my console logs related to port 135 scans.
> (Blaster worm???)  My /etc/services doesn't list port 135, so I went
googling
> and discovered that port 135 appears to be active directory related.  I
don't
> think I need that for my Linux box....   Is there an easy way to just drop
> those port 135  packets dead on the floor and forget about them?  Is this
a
> good idea?  Any ideas would be greatly appreciated.
>
> Mahalos,
>
> Ben


See the BLACKHOLE option, then set the policy on it to "DROP".

--MonMotha

_______________________________________________
LUAU mailing list
LUAU at videl.ics.hawaii.edu
http://videl.ics.hawaii.edu/mailman/listinfo/luau




More information about the LUAU mailing list