
Re: [FW-1] How to stop FW machine to send nbname from itself?




Taking this one step further, why is your firewall sending NetBIOS at all (answer: it is on NT/2k, and is running computer browser and/or workstation services).  These services should normally be disabled on a firewall; there was a good thread earlier today on the list regarding how to harden a win2k firewall, which will provide the "best practices" solution to the specific problem.

HTH

Dan Hitchcock
CCNP, CCSE, MCSE
Security Operations Technical Lead
Breakwater Security Associates, Inc.
"Safe Harbor for E-Business"
dhitchcock (at) breakwatersecurity (dot) com
http://www.breakwatersecurity.com

The information contained in this email message may be privileged, confidential and protected from disclosure.  If you are not the intended recipient, any dissemination, distribution or copying is strictly prohibited.  If you think you have received this email message in error, please email the sender at dhitchcock (at) breakwatersecurity (dot) com


-----Original Message-----
From: Russell Washington [mailto:[email protected]]
Sent: Thursday, April 04, 2002 1:01 PM
To: [email protected]
Subject: Re: [FW-1] How to stop FW machine to send nbname from itself?


Your issue (aside from the fact that you may want to just kill all NBT stuff
happening on the firewall) is likely that your policies are being applied on
the Inbound direction only (policy properties).  Packets originating at the
firewall are, by definition, outbound, whether going to the Internet or an
internal interface.

You can take the approach of changing your policy property to Eitherbound,
or you can add a rule that says something like FW->Any->NBT->Drop with
"Install On" set to "Src."  If you take the latter approach, log the rule
initially so that you can verify that it is dropping the traffic.  It should
do the trick.

Obviously, while NBT is the issue you hit this on, what you're seeing would
actually apply to any service/protocol if the firewall were the source of
the traffic.  Hope this helps.

-----Original Message-----
From: Jignesh Pathak [mailto:[email protected]]
Sent: Thursday, April 04, 2002 12:23 PM
To: [email protected]
Subject: [FW-1] How to stop FW machine to send nbname from itself?


Hello:

We have installed FW-1 v.4.1/SP5 on Windows 2000 SP2 at our client location.
We have Any->Any->NBT->Drop rule base to drop nbname, nbtdatagram packets and
FW is doing so. But FW logs show that FW machine itself is sending nbname
packets to internet side. How can I stop this? Is there any performance
issue?

Thanks,

Jignesh
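
An added example, not part of the original thread and not Check Point code: a simplified Python model of the direction behaviour Russell describes, showing why an inbound-only policy misses NBT packets that originate on the firewall, and how Eitherbound or a rule installed on "Src" catches them. The host names, addresses, and the treatment of "Src" as outbound-only enforcement are assumptions made for illustration.

```python
from dataclasses import dataclass

# Simplified model for illustration; not Check Point code. All names are constructed.
NBT = {("udp", 137), ("udp", 138), ("tcp", 139)}  # nbname, nbdatagram, nbsession
FW = "fw"  # the firewall host itself

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int

@dataclass(frozen=True)
class Rule:
    src: str                      # host name or "any"
    service: str                  # "nbt" or "any"
    action: str                   # "drop" or "accept"
    install_on: str = "gateways"  # "gateways": use policy direction; "src": outbound (assumed)

def inspection_points(pkt):
    """Directions in which the gateway's interfaces see this packet."""
    if pkt.src == FW:
        return ["outbound"]           # locally generated, never arrives on an interface
    if pkt.dst == FW:
        return ["inbound"]
    return ["inbound", "outbound"]    # forwarded traffic crosses both

def enforced_in(rule, policy_direction):
    if rule.install_on == "src":
        return {"outbound"}
    if policy_direction == "eitherbound":
        return {"inbound", "outbound"}
    return {policy_direction}

def matches(rule, pkt):
    svc_ok = rule.service == "any" or (pkt.proto, pkt.dport) in NBT
    return rule.src in ("any", pkt.src) and svc_ok

def verdict(pkt, rules, policy_direction):
    """First enforced, matching rule decides at each point; no enforced match passes (simplification)."""
    for direction in inspection_points(pkt):
        hit = next((r for r in rules if direction in enforced_in(r, policy_direction) and matches(r, pkt)), None)
        if hit and hit.action == "drop":
            return "drop"
    return "accept"

BASE = [Rule("any", "nbt", "drop")]                           # Any->Any->NBT->Drop
FIXED = BASE + [Rule(FW, "nbt", "drop", install_on="src")]    # FW->Any->NBT->Drop, Install On Src
FW_NBNAME = Packet(FW, "198.51.100.9", "udp", 137)            # constructed sample packet
```

With `BASE` and an inbound policy, `verdict(FW_NBNAME, BASE, "inbound")` returns `"accept"`, which is the leak seen in the logs; switching to `"eitherbound"` or using `FIXED` returns `"drop"`.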




 
   All contents © 2004 Network Presence, LLC. All rights reserved.