From: James <wireless@tampabay.rr.com>
To: gentoo-user@lists.gentoo.org
Subject: [gentoo-user] blocking netbios-ssn rule?
Date: Fri, 18 Aug 2006 19:24:54 +0000 (UTC)
Message-ID: <loom.20060818T212303-706@post.gmane.org>

Hello,

My iptables based firewall seems to be working. However, I keep getting triplets of this activity:

    source      dest.       proto  info
    rouge.ip    www.me.com  tcp

-- 
gentoo-user@gentoo.org mailing list
WARNING: multiple messages have this Message-ID (diff)
From: James <wireless@tampabay.rr.com>
To: gentoo-user@lists.gentoo.org
Subject: [gentoo-user] OT: A netbios-ssn blocking rule?
Date: Fri, 18 Aug 2006 19:59:59 +0000 (UTC)
Message-ID: <loom.20060818T212303-706@post.gmane.org>
Message-ID: <20060818195959.jUILNN3i-sGPxKTzApfUGO4ElFSks9xM96MZZV2dDoA@z>

Hello,

My iptables based firewall seems to be working. However, I keep getting triplets of this activity:

Problem (2286 > netbios-ssn)

    source      dest.       proto  info
    curious.ip  www.me.com  tcp    2286 > netbios-ssn Seq=0 Len=0 MSS=1460
    www.me.com  curious.ip  tcp    netbios-ssn > 2286 [RST, ACK] Seq=0 Ack=1 Win=0 Len=0

Any ideas on a rule to drop these requests to my web server?

Similarly, I see the same thing except the info section is slightly different:

Similar problem (2469 > microsoft-ds)

    rouge.ip    www.me.com  tcp    2469 > microsoft-ds Seq=0 Len=0 MSS=1460

and the response from my firewall is similar:

    www.me.com  rouge.ip    tcp    microsoft-ds > 2469 [RST, ACK] Seq=0 Ack=1 Win=0 Len=0

Other problems are (info section is the only difference):

    epmap > 3081
    3081 > epmap

Each of these appears in triplets... and seems useless. Are they part of something stupidly done by Microsoft? I think not, because they occur quite frequently, almost systematically, leading me to suspect they are part of nefarious activities.

The only change is the port numbers (2286; 2469; 3081), and the source IP address changes after each triplet of queries.

Any ideas, information and iptables rules to silently drop these queries are most welcome. I see them all day long.

James

-- 
gentoo-user@gentoo.org mailing list
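
The message above asks for iptables rules that drop these probes silently instead of answering with RST. The following is an added example, not part of the original message or thread: a script that prints (and with APPLY=1, as root, installs) a dedicated drop chain for the three services named in the capture. The interface `eth0`, the chain name `WINPROBE` and the log rate are assumptions; the port numbers are the standard /etc/services values for epmap, netbios-ssn and microsoft-ds.

```shell
#!/bin/sh
# Added example (not from the thread): drop the inbound probes shown in the
# capture without replying, instead of answering each SYN with RST,ACK.
# Ports per /etc/services: epmap=135, netbios-ssn=139, microsoft-ds=445.
PROBE_PORTS="135,139,445"

# Print the iptables commands, one per line.
#   $1 = WAN interface            (assumption: eth0)
#   $2 = name of the drop chain   (hypothetical name: WINPROBE)
#   $3 = built-in chains to hook, space separated (INPUT for the box itself,
#        FORWARD if it routes traffic to a web server behind it)
probe_rules() {
    wan="${1:-eth0}"; chain="${2:-WINPROBE}"; hooks="${3:-INPUT FORWARD}"
    match="-i $wan -p tcp -m multiport --dports $PROBE_PORTS -j $chain"

    # Dedicated chain: create it, or flush it if it already exists.
    echo "iptables -N $chain 2>/dev/null || iptables -F $chain"
    # Rate-limited log entry so the probes stay visible without flooding syslog.
    echo "iptables -A $chain -m limit --limit 6/min --limit-burst 3 -j LOG --log-prefix '$chain: '"
    # DROP sends nothing back to the source.
    echo "iptables -A $chain -j DROP"
    for hook in $hooks; do
        # Insert the jump at the top of the chain only if it is not there yet,
        # so the script can be re-run safely.
        echo "iptables -C $hook $match 2>/dev/null || iptables -I $hook 1 $match"
    done
}

# Dry run by default: print the commands for review.
# APPLY=1 (run as root) pipes them to sh.
if [ "${APPLY:-0}" = 1 ]; then
    probe_rules "$@" | sh
else
    probe_rules "$@"
fi
```

After applying, the same capture should show the inbound SYN with no RST,ACK reply, and `iptables -L WINPROBE -v -n` shows the packet counters for the chain.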