gizmo_mathboy (782)

  reversethis-{moc ... } {yobhtamomzig}

aerospace engineer by education, all-around walking cesspool of knowledge by nature, and professional grade slacker by choice. Sysadmin at a major midwestern university.
Wednesday October 23, 2002
11:13 PM

NetBIOS Spam

[ #8552 ]

Don't know if any of you are afflicted with this "new spam" but it is rather annoying.

My university, my department actually, is discussing how to best handle it. It would be nice to close down TCP port 139 (and UDP port 135 I think) but since we are a university there is a certain amount of openness required.

I think the best solution for us would be to stop it at a firewall. Basically close off the port to all IP addresses except for those few we trust.

Since this is something that will be discussed at a staff meeting tomorrow I expect a lively discussion.

  • You need to read my journal :) Since I posted my journal we've had 553,184 udp drops on 135-139 and 1,182 tcp.

    Block 135-139 udp & tcp on the firewall and you should be sorted. I can't think of a legitimate reason for incoming traffic on those ports. It also saves you from the headache of open netbios shares being accessible over the net.

    It definitely sounds like you need a more paranoid firewall. We use a default deny and specify what service on what ip is publicly accessible.

    • As a temporary measure we are disabling Messenger Service while we figure out what ports to block.

      I would stop all external traffic to all ports except for SSH, SSL, and HTTP. Then try to figure out what other ports can be opened.

      Within the university just about anything goes. Of course, that means network monitoring (more than what little we do now).
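
The policy discussed in this thread (default deny, SSH/SSL/HTTP open to everyone, ports 135-139 reachable only from trusted addresses, campus traffic unrestricted) modeled as a small rule checker that can be run against sample traffic before the rules go onto a real firewall. This is an added example, not code from any of the posters; the address ranges and packets are constructed, using documentation prefixes.

```python
import ipaddress
from collections import Counter

# Constructed addresses (RFC 5737 documentation ranges), not from the thread.
CAMPUS = ipaddress.ip_network("198.51.100.0/24")      # assumed campus range
TRUSTED = [ipaddress.ip_network("192.0.2.0/24")]      # assumed trusted peers

# Allow list: (protocol, low port, high port, allowed sources or None for any).
# Anything that matches no rule falls through to the default deny.
RULES = [
    ("tcp", 22, 22, None),        # SSH
    ("tcp", 80, 80, None),        # HTTP
    ("tcp", 443, 443, None),      # SSL
    ("tcp", 135, 139, TRUSTED),   # NetBIOS ports, trusted sources only
    ("udp", 135, 139, TRUSTED),
]

def decide(proto, src, dport):
    """Return 'accept' or 'drop' for one inbound packet."""
    addr = ipaddress.ip_address(src)
    if addr in CAMPUS:
        return "accept"           # traffic inside the university is not filtered
    for r_proto, low, high, sources in RULES:
        if proto == r_proto and low <= dport <= high:
            if sources is None or any(addr in net for net in sources):
                return "accept"
    return "drop"                 # default deny

def netbios_drops(packets):
    """Count dropped packets aimed at ports 135-139, per protocol."""
    drops = Counter()
    for proto, src, dport in packets:
        if 135 <= dport <= 139 and decide(proto, src, dport) == "drop":
            drops[proto] += 1
    return drops

# Constructed sample traffic: (protocol, source address, destination port).
SAMPLE = [
    ("udp", "203.0.113.9", 135),    # outside source, messenger-style probe
    ("udp", "203.0.113.9", 137),
    ("tcp", "203.0.113.77", 139),   # outside source, share access attempt
    ("tcp", "192.0.2.10", 139),     # trusted peer
    ("tcp", "203.0.113.9", 443),    # public web service
    ("tcp", "203.0.113.9", 3389),   # not on the allow list
    ("udp", "198.51.100.5", 138),   # campus host
]

if __name__ == "__main__":
    for pkt in SAMPLE:
        print(pkt, decide(*pkt))
    print(dict(netbios_drops(SAMPLE)))
```
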