On Sun, Feb 1, 2009 at 11:08 AM, Stephen John Smoogen <smooge@xxxxxxxxx> wrote:
> On Sat, Jan 31, 2009 at 10:09 PM, Frank Chiulli <frankc.fedora@xxxxxxxxx> wrote:
>
>>
>> I'm not running samba. If I put the following rule before the LOG
>> rule, will the packets be dropped and the messages stopped?
>>
>> -A INPUT -p udp -s 192.168.0.0/24 -d 192.168.0.0/24 -m multiport
>> --ports 137,138 -j DROP
>>
>
> I normally go with 135:139 as they are noisy ports. On a public
> network I have a list of ports I drop because they are noisy
>
>
> -A INPUT -p tcp -m tcp --dport 67:68 -j DROP
> -A INPUT -p tcp -m tcp --dport 135:139 -j DROP
> -A INPUT -p tcp -m tcp --dport 445 -j DROP
> -A INPUT -p udp -m udp --dport 67:68 -j DROP
> -A INPUT -p udp -m udp --dport 135:139 -j DROP
> -A INPUT -p udp -m udp --sport 177 --dport 177 -j DROP
> -A INPUT -p udp -m udp --dport 445 -j DROP
> -A INPUT -p udp -m udp --dport 1024:1030 -j DROP
>
> The 1024:1030 UDP drops the enormous amount of UDP pop-up spam.
>
>
>
> --
> Stephen J Smoogen. -- BSD/GNU/Linux
> How far that little candle throws his beams! So shines a good deed
> in a naughty world. = Shakespeare. "The Merchant of Venice"
>

Stephen,

Thanks for the suggestions. I'm hoping that my router throws most of those away because so far all I've seen in messages is local traffic.

I discovered something interesting while looking at messages. I saw the following message repeated several times:

Feb 1 09:03:46 localhost kernel: FW-REJECT IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:21:47:b7:86:61:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=40094 PROTO=UDP SPT=68 DPT=67 LEN=308

I was curious what it was because of 'SRC=0.0.0.0'. It turned out to be my Wii. I discovered this based on my router which keeps track of MAC addresses and IP addresses. I had forgotten that it was on my net.

Frank

_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
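
The FW-REJECT line quoted in the message above can be decoded directly: in a netfilter LOG entry the MAC= field is the raw Ethernet header (6 bytes destination MAC, 6 bytes source MAC, 2 bytes EtherType), so the sender of a SRC=0.0.0.0 DHCP broadcast can be read from the log itself. The Python below is an added example, not part of the original thread; the function names and the second sample line are constructed for illustration.

```python
import re

# Constructed sample: the FW-REJECT line quoted in the message above, plus one
# made-up NetBIOS line (hypothetical host) for contrast.
SAMPLE_LOG = [
    "Feb  1 09:03:46 localhost kernel: FW-REJECT IN=eth0 OUT= "
    "MAC=ff:ff:ff:ff:ff:ff:00:21:47:b7:86:61:08:00 SRC=0.0.0.0 "
    "DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=40094 "
    "PROTO=UDP SPT=68 DPT=67 LEN=308",
    "Feb  1 09:04:10 localhost kernel: FW-REJECT IN=eth0 OUT= "
    "MAC=ff:ff:ff:ff:ff:ff:02:00:00:00:00:01:08:00 SRC=192.168.0.5 "
    "DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=0 "
    "PROTO=UDP SPT=137 DPT=137 LEN=58",
]

FIELD = re.compile(r"(\w+)=(\S*)")

def parse_line(line):
    """Return the KEY=VALUE fields of a netfilter LOG line, plus split MACs."""
    fields = {}
    for key, value in FIELD.findall(line):
        fields.setdefault(key, value)  # LEN occurs twice; keep the first (IP length)
    octets = fields.get("MAC", "").split(":")
    if len(octets) == 14:  # Ethernet header: 6 dst + 6 src + 2 EtherType
        fields["DST_MAC"] = ":".join(octets[:6])
        fields["SRC_MAC"] = ":".join(octets[6:12])
        fields["ETHERTYPE"] = "".join(octets[12:])
    return fields

def is_dhcp_client_broadcast(f):
    """True for a client-to-server DHCP broadcast from a host with no address yet."""
    return (f.get("PROTO") == "UDP" and f.get("SRC") == "0.0.0.0"
            and f.get("DST") == "255.255.255.255"
            and f.get("SPT") == "68" and f.get("DPT") == "67")

def dhcp_clients(lines):
    """Count rejected DHCP client broadcasts per source MAC."""
    counts = {}
    for line in lines:
        f = parse_line(line)
        if is_dhcp_client_broadcast(f) and "SRC_MAC" in f:
            counts[f["SRC_MAC"]] = counts.get(f["SRC_MAC"], 0) + 1
    return counts

if __name__ == "__main__":
    for mac, n in dhcp_clients(SAMPLE_LOG).items():
        print(f"{mac}  {n} DHCP broadcast(s) rejected")
```

The source MAC it reports can then be matched against the router's MAC-to-IP table, as described in the message.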