by mail.netbsd.org with SMTP; 11 Sep 2000 16:37:57 -0000
	id 150537B3; Mon, 11 Sep 2000 18:36:56 +0200 (CEST)
Date: Mon, 11 Sep 2000 18:36:55 +0200
From: Mipam <mipam@ibb.net>
To: Hubert Feyrer <hubert.feyrer@informatik.fh-regensburg.de>
Cc: Tony Hernadez <tony@cne-inc.com>,
	"'mipam@ibb.net'" <mipam@ibb.net>,
	"'tech-security@netbsd.org'" <tech-security@netbsd.org>
Subject: Re: random connections on TCP port: 139
Message-ID: <20000911183655.B437@ibb0021.ibb.uu.nl>
Reply-To: mipam@ibb.net
References: <E10D54F27C6AD11196EF00600812C5CF067EAA@CNENT> <Pine.GSO.4.21.0009111803470.29497-100000@rfhpc8320.fh-regensburg.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <Pine.GSO.4.21.0009111803470.29497-100000@rfhpc8320.fh-regensburg.de>; from hubert.feyrer@informatik.fh-regensburg.de on Mon, Sep 11, 2000 at 06:04:49PM +0200

On Mon, Sep 11, 2000 at 06:04:49PM +0200, Hubert Feyrer wrote:
> On Mon, 11 Sep 2000, Tony Hernadez wrote:
> > So, is there anyway to block these connects on this port on my machine ? ?
> > .. I mean my /etc/hosts.deny file is getting really long now.
> 
> People will suggest you to pull out the Big Gun (ipfilter) now, but the
> truth is that if you don't have any service running on port 139, the
> kernel will just send back RST packets automatically. No need for Bog
> Guns...
> 
> 

True, true of course.
But as i understood is that his hosts.deny file was going really big.
I guess then it's time starting to think on ip filter?
On the other hand, no service is running under port 139 so, no need to worry
indeed.
It remains a personal choice of course.
Bye,

Mipam.