Re: [cobalt-users] Mailscanner for RAQ3/4 pkg available
- Subject: Re: [cobalt-users] Mailscanner for RAQ3/4 pkg available
- From: "Steve Bassi" <steve@xxxxxxxxx>
- Date: Thu Jul 18 07:19:01 2002
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
> It seems someone's box at our host may be compromised as we are getting
> 10-20 rejections (input) written in the log every second
> (with ipchains on) from 1 IP. Unless there is another explanation for
> accessing port 137/138?
>
This is samba and is quite normal.
If you add the following to your firewall script, it should stop it.
$IPC -A input -p tcp -s 0/0 -d 0/0 137:139 -j DENY
$IPC -A input -p udp -s 0/0 -d 0/0 137:139 -j DENY
To block the IP, if you want to (although it is doing nothing wrong):
/sbin/ipchains -I input -s [IP here] -j DENY -l
Then add the following to the bottom of /etc/rc.d/rc.local, so you don't
lose it on reboot:
/sbin/ipchains -I input -s [IP here] -j DENY -l
I am assuming you have a firewall script, if not I can let you have a copy
of mine to amend.
Rgds
Bassi
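
Added example, not part of the original message or of any Cobalt package: a small sh/awk tally of ipchains "Packet log:" denials by source, protocol and destination port, to check whether a flood like the one described is NetBIOS traffic (ports 137-139) before blocking the sender. The log lines and the host name raq3 are constructed sample data, and the line layout is assumed to be the one documented in the IPCHAINS-HOWTO.

```shell
#!/bin/sh
# Added example: tally logged ipchains input denials per source/protocol/port.
# Assumed kernel log layout (IPCHAINS-HOWTO):
#   Packet log: <chain> <target> <iface> PROTO=<n> <src>:<sport> <dst>:<dport> L=...

# Constructed sample input (documentation address ranges, not real hosts).
sample_log() {
cat <<'EOF'
Jul 18 07:10:01 raq3 kernel: Packet log: input DENY eth0 PROTO=17 192.0.2.44:137 192.0.2.255:137 L=78 S=0x00 I=4101 F=0x0000 T=128 (#7)
Jul 18 07:10:01 raq3 kernel: Packet log: input DENY eth0 PROTO=17 192.0.2.44:137 192.0.2.255:137 L=78 S=0x00 I=4102 F=0x0000 T=128 (#7)
Jul 18 07:10:02 raq3 kernel: Packet log: input DENY eth0 PROTO=17 192.0.2.44:138 192.0.2.255:138 L=229 S=0x00 I=4103 F=0x0000 T=128 (#7)
Jul 18 07:10:02 raq3 kernel: Packet log: input DENY eth0 PROTO=17 192.0.2.44:137 192.0.2.255:137 L=78 S=0x00 I=4104 F=0x0000 T=128 (#7)
Jul 18 07:10:03 raq3 kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.9:40112 192.0.2.10:23 L=60 S=0x00 I=911 F=0x4000 T=52 SYN (#9)
Jul 18 07:10:03 raq3 kernel: Packet log: output ACCEPT eth0 PROTO=6 192.0.2.10:25 198.51.100.20:3321 L=40 S=0x00 I=77 F=0x4000 T=64 (#2)
Jul 18 07:10:04 raq3 sendmail[811]: starting daemon
EOF
}

# Reads syslog lines on stdin; prints "<count> <source> <proto> <dport> <class>",
# busiest source first. Only DENY/REJECT entries on the input chain are counted.
summarise_denies() {
  awk '
    {
      # Locate the "Packet log:" marker; skip lines that do not carry one.
      for (i = 1; i < NF; i++) if ($i == "Packet" && $(i + 1) == "log:") break
      if (i >= NF) next
      chain = $(i + 2); target = $(i + 3); proto = $(i + 5)
      if (chain != "input" || (target != "DENY" && target != "REJECT")) next
      sub(/^PROTO=/, "", proto)
      if (proto == "6") proto = "tcp"; else if (proto == "17") proto = "udp"
      split($(i + 6), src, ":"); split($(i + 7), dst, ":")
      port = dst[2] + 0
      class = (port >= 137 && port <= 139) ? "netbios" : "other"
      count[src[1] " " proto " " port " " class]++
    }
    END { for (k in count) print count[k], k }
  ' | sort -k1,1nr -k2
}

# Stand-alone run on the constructed sample; on a real machine, pipe in the
# file that syslog writes kernel messages to instead.
sample_log | summarise_denies
```

A single source with all of its hits in the netbios class matches the Samba/Windows name-service traffic described in the reply above; hits in the other class are worth a closer look.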