by mail.netbsd.org with SMTP; 11 Sep 2000 16:35:50 -0000
	id C96E17B5; Mon, 11 Sep 2000 18:05:31 +0200 (CEST)
Date: Mon, 11 Sep 2000 18:05:31 +0200
From: Mipam <mipam@ibb.net>
To: Tony Hernadez <tony@cne-inc.com>
Cc: "'mipam@ibb.net'" <mipam@ibb.net>,
	"'tech-security@netbsd.org'" <tech-security@netbsd.org>
Subject: Re: random connections on TCP port: 139
Message-ID: <20000911180531.E315@ibb0021.ibb.uu.nl>
Reply-To: mipam@ibb.net
References: <E10D54F27C6AD11196EF00600812C5CF067EAA@CNENT>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <E10D54F27C6AD11196EF00600812C5CF067EAA@CNENT>; from tony@cne-inc.com on Mon, Sep 11, 2000 at 12:05:10PM -0400

On Mon, Sep 11, 2000 at 12:05:10PM -0400, Tony Hernadez wrote:
> So, is there anyway to block these connects on this port on my machine ? ?
> .. I mean my /etc/hosts.deny file is getting really long now.
> 
> 

Dont deny them that way.
Use ip filter for this.
Make a file /etc/ipf.conf and build a logical and well overthought
rulesset for that. Rebuild your kernel with ipf logging enabled.
STart ipf with ipf -Fa -f /etc/ipf.conf -E
Or adjust your /etc/rc.conf to enable ipf in there.
Best is to take a look at the ipf pages.
Bye,

Mipam.