Mailinglist Archive: opensuse-security (670 mails)

["Erwin Zierler - stubainet.at" <erwin.zierler@xxxxxxxxxxxx>]

Hi,
as someone else already suggested: RTFM (read the fu**ing manual).
This is not an arrogant statement but a totally normal advice - it's
been this way since the early days of the internet (as I remember it).

You really need to read about networking, protocols and services if
you are serious about firewalls and security in general. Without a basic
knowledge it will be very frustrating to try and get things working.

To answer your question: it is a good idea to block netbios traffic
(137-139 TCP and UDP) trying to access anything else but your local LAN.

 Erwin

---
BLeonhardt@xxxxxxxxxxx wrote:

> Ok,
>
> so thank's for all your answers ... it's working now ...
>
> ... but today something strange is happend ...
>
> the host tried to make a connection to an unknown IP on port 137 ( UDP )
> ... why that ?
> ... usually Port 137 ( UDP ) is :
>
> netbios-ns      137/tcp                 # NETBIOS Name Service
> netbios-ns      137/udp                 # NETBIOS Name Service
>
> ... here the log-entry :
>
> Nov 28 12:26:22 linux-box kernel: OPEN: 192.168.10.60 -> 213.6.48.154 UDP,
> port:137 -> 137
>
> ... anybody an idea ??? should I deny any connections from host to internet
> on this port ???
>
> Mit freundlichen Grüßen
> Bruno Leonhardt
>
> CLP Domino R5 Systemadministrator
> ________________________________________________________________________________________________________
>
> AnalyTek Systemhaus
> Hospitalstr. 2a
>
> D-65589 Hadamar
>
> Tel.: 06433/81403-15
> Fax : 06433/81403-40


--
Erwin Zierler | web- / host- / postmaster - stubainet.at
              | erwin.zierler@xxxxxxxxxxxx / webmaster@xxxxxxxxxxxx
              | Tel.: 0 5225 - 64325 Fax 99 Mobil: 0664 - 130 67 91