[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] NT talking with NBNAME to whole world?
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 What you are seeing are most likely NetBIOS name lookups. NT will try to resolve an IP address to a name using DNS, and if that fails, NetBIOS. You're action was correct. Disable Accept Outgoing, set interface to Eitherbound and create NBT drop/reject rules (i.e. Local-Net - Any - NBT - Reject [I use reject against internal devices to speed to the connection termination]). The NBT drop rule will also filter the Explorer-type viruses that scan for open shares. You should still review the hardening documents others pointed out. At least disable every binding, except TCP/IP, on the external interface (that includes disabling Workstation, Server, etc). Regards, Frank > -----Original Message----- > From: Ralf Guenthner [mailto:[email protected]] > Sent: Friday, October 13, 2000 7:28 AM > > Another neat problem on an NT firewall system I "inherited": > I noticed after > activating the logging for the standard drop rule that the > firewall system > itself was talking Netbios nbname service to systems in > Argentina, USA asf. > I stopped that by unchecking "Accept outgoing packets" and setting > the interface direction to "eitherbound". > > My question is: Why would this system do that, has it > probably already been > hacked? There were so many different sites it was doing the > nbname to I > wonder what it means? -----BEGIN PGP SIGNATURE----- Version: PGP Personal Privacy 6.5.1 Comment: PGP or S/MIME encrypted email preferred. iQA/AwUBOecvIURKym0LjhFcEQKYqwCgrwKsjow/UZPRnSpIEHhli018DJMAoJ35 e0UkvnLQu1XXx7cdbsJu3Lbz =htYp -----END PGP SIGNATURE----- ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|