[Dshield] Firewall or other security tool that bites back???

Johannes Ullrich jullrich at euclidian.com
Mon Nov 18 17:39:33 GMT 2002


The best idea IMHO is to call your ISP and ask them to block port
135-139 inbound and outbound. I don't think there is a legitimate
reason for these ports to be open. Even if you need MSFT file sharing
across the Internet, you better implement a simple PPTP VPN or such.

Almost any ISP class router should be able to block these ports. They
don't really need to buy any new equipment. And even if they have too,
its not all that expensive.


On 18 Nov 2002 17:58:30 +0100
bjorn at ruberg.no (Bjørn Ruberg) wrote:

> rilya byor <rilya1 at yahoo.com> writes:
> 
> > I've had it with these port 137 probes--I just logged
> > 27 in the last 3 minutes, after which my connection
> > locked up AGAIN.  Does anybody know if there's a
> > Windows program that can be set up to listen on port
> > 137 and automatically shoot back???
> 
> This is indeed a very bad idea. In addition to placing yourself
> at the same low level as those who scan you, often without knowing
> it themselves, you run the risk of *you* losing your internet
> connection because of your response.
> 
> Get yourself a proper firewall instead, by installing Linux or
> *BSD on the good ol' 486.
> 
> -- 
> 
> Bjorn
> 
> _______________________________________________
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list
> 


-- 
--------------------------------------------------------------------
jullrich at euclidian.com             Collaborative Intrusion Detection
                                         join http://www.dshield.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/list/attachments/20021118/fca14791/attachment.bin


More information about the list mailing list