My understanding is that the SMB protocol has a way of spreading itself
around a network. My solution is to add the following lines to my
rc.firewall script through ipchains. This keeps any unfriendly stuff
from hitting your windows clients, but does not deal with any possible
data leakage from them, which I can't speak to.
>From ipchains (note, wordwrapping):
/sbin/ipchains -A input -j REJECT -p udp -s $UNIVERSE -d $UNIVERSE
netbios-ns
/sbin/ipchains -A input -j REJECT -p udp -s $UNIVERSE -d $UNIVERSE
netbios-dgm
/sbin/ipchains -A input -j REJECT -p udp -s $UNIVERSE -d $UNIVERSE
netbios-ssn
where $UNIVERSE = 0.0.0.0/0
This is entirely dependent on the use of a 2.2 kernel with ipchains. Or
are you trying to deal with this from another angle?
Nathan
-- Creative intelligence, now with vowels! http://ismedia.org/ | nwalls@ismedia.org PGP public key @ http://ismedia.org/is30/key/> I am evaluating putting samba on an internet gateway server. > Am I opening security holes by doing this? > > I currently have Samba on my brie.com server, and I have it so the > service is available only to my internal network, but I have been told > that there are potential security holes to doing this.
**************************************************************************** * To UNSUBSCRIBE from the list, send a message with "unsubscribe lug-nuts" * in the message body to majordomo@saclug.org. Please direct other * questions, comments, or problems to lug-nuts-owner@saclug.org.
This archive was generated by hypermail 2b29 : Fri Feb 25 2000 - 14:29:11 PST