tech-security: RE: random connections on TCP port: 139

Subject: RE: random connections on TCP port: 139
To: Tony Hernadez <tony@cne-inc.com>
From: Hubert Feyrer <hubert.feyrer@informatik.fh-regensburg.de>
List: tech-security
Date: 09/11/2000 18:04:49

  by mail.netbsd.org with SMTP; 11 Sep 2000 16:03:40 -0000
	by rfhs8012.fh-regensburg.de (8.10.1/8.10.1) with ESMTP id e8BG2Z017133;
	Mon, 11 Sep 2000 18:02:36 +0200 (MET DST)
Date: Mon, 11 Sep 2000 18:04:49 +0200 (MET DST)
From: Hubert Feyrer <hubert.feyrer@informatik.fh-regensburg.de>
To: Tony Hernadez <tony@cne-inc.com>
cc: "'mipam@ibb.net'" <mipam@ibb.net>,
   "'tech-security@netbsd.org'" <tech-security@netbsd.org>
Subject: RE: random connections on TCP port: 139
In-Reply-To: <E10D54F27C6AD11196EF00600812C5CF067EAA@CNENT>
Message-ID: <Pine.GSO.4.21.0009111803470.29497-100000@rfhpc8320.fh-regensburg.de>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

On Mon, 11 Sep 2000, Tony Hernadez wrote:
> So, is there anyway to block these connects on this port on my machine ? ?
> .. I mean my /etc/hosts.deny file is getting really long now.

People will suggest you to pull out the Big Gun (ipfilter) now, but the
truth is that if you don't have any service running on port 139, the
kernel will just send back RST packets automatically. No need for Bog
Guns...


 - Hubert

-- 
Hubert Feyrer <hubert.feyrer@informatik.fh-regensburg.de>