[NCLUG] packets to port 445
Michael Milligan
milli at acmeps.com
Thu Oct 17 15:17:06 MDT 2002
mike cullerton wrote:
> hey folks,
>
> i've been seeing quite a few packets destined to tcp port 445 this
> morning. the traffic is coming from more than one ip address.
> /etc/services says microsoft-ds for this.
It's Active Directory.
>
> anyone else seeing this kind of thing?
>
Yes. Drop it at your firewall just like you do with ports 135-139...
E.g., (Netfilter w/kernel 2.4)
-----snip
#
# Do not accept any NetBIOS or PDC/BDC crap from outside
#
/sbin/iptables -A FORWARD -j DROP -i eth0 -p tcp -m multiport --dport 135,136,137,138,139,445
/sbin/iptables -A FORWARD -j DROP -i eth0 -p udp -m multiport --dport 135,136,137,138,139,445
------snip
Regards,
Mike
--
Michael Milligan -- Free Agent -- milli at acmeps.com
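
An added example, not part of the original message: a way to tally which outside addresses are sending packets to the ports named in the rules above (135-139 and 445), per source and port. It assumes the packets are recorded in the kernel log in the netfilter LOG target's format, which the thread does not state; the function names `sample_log` and `tally_smb` are hypothetical and the log lines are constructed with documentation addresses.

```shell
#!/bin/sh
# Tally inbound packets to the Windows networking ports (135-139, 445)
# per source address, from netfilter LOG-format kernel log lines.

# Constructed sample lines (documentation addresses, not real traffic).
sample_log() {
cat <<'EOF'
Oct 17 09:01:12 gw kernel: IN=eth0 OUT=eth1 SRC=192.0.2.10 DST=198.51.100.5 LEN=48 TTL=110 PROTO=TCP SPT=3321 DPT=445 SYN
Oct 17 09:01:15 gw kernel: IN=eth0 OUT=eth1 SRC=192.0.2.10 DST=198.51.100.6 LEN=48 TTL=110 PROTO=TCP SPT=3322 DPT=445 SYN
Oct 17 09:02:40 gw kernel: IN=eth0 OUT=eth1 SRC=203.0.113.77 DST=198.51.100.5 LEN=48 TTL=112 PROTO=TCP SPT=1045 DPT=445 SYN
Oct 17 09:03:02 gw kernel: IN=eth0 OUT=eth1 SRC=203.0.113.77 DST=198.51.100.5 LEN=78 TTL=112 PROTO=UDP SPT=1026 DPT=137
Oct 17 09:03:30 gw kernel: IN=eth0 OUT=eth1 SRC=192.0.2.44 DST=198.51.100.5 LEN=60 TTL=52 PROTO=TCP SPT=40112 DPT=80 SYN
Oct 17 09:04:11 gw kernel: IN=eth1 OUT=eth0 SRC=198.51.100.5 DST=192.0.2.99 LEN=48 TTL=127 PROTO=TCP SPT=1030 DPT=445 SYN
EOF
}

# tally_smb IFACE: read log lines on stdin, print "count src proto/port"
# for packets that arrived on IFACE for ports 135-139 or 445.
tally_smb() {
    awk -v iface="$1" '
    {
        in_if = src = proto = dpt = ""
        # LOG lines are KEY=VALUE tokens; pick out the ones we need.
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^IN=/)    in_if = substr($i, 4)
            if ($i ~ /^SRC=/)   src   = substr($i, 5)
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
            if ($i ~ /^DPT=/)   dpt   = substr($i, 5) + 0
        }
        # Skip other interfaces and lines that are not packet logs.
        if (in_if != iface || src == "") next
        if ((dpt >= 135 && dpt <= 139) || dpt == 445)
            n[src " " tolower(proto) "/" dpt]++
    }
    END { for (k in n) print n[k], k }' | sort -k1,1nr -k2
}

# Busiest sources first; eth0 is the outside interface, as in the rules above.
sample_log | tally_smb eth0
```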