On Sun, Feb 1, 2009 at 2:35 PM, Frank Chiulli <frankc.fedora@xxxxxxxxx> wrote:
> On Sun, Feb 1, 2009 at 11:08 AM, Stephen John Smoogen <smooge@xxxxxxxxx> wrote:
>> On Sat, Jan 31, 2009 at 10:09 PM, Frank Chiulli <frankc.fedora@xxxxxxxxx> wrote:
>>
>>>
>>> I'm not running samba. If I put the following rule before the LOG
>>> rule, will the packets be dropped and the messages stopped?
>>>
>>> -A INPUT -p udp -s 192.168.0.0/24 -d 192.168.0.0/24 -m multiport
>>> --ports 137,138 -j DROP
>>>
>>
>> I normally go with 135:139 as they are noisy ports. On a public
>> network I have a list of ports I drop because they are noisy
>>
>>
>> -A INPUT -p tcp -m tcp --dport 67:68 -j DROP
>> -A INPUT -p tcp -m tcp --dport 135:139 -j DROP
>> -A INPUT -p tcp -m tcp --dport 445 -j DROP
>> -A INPUT -p udp -m udp --dport 67:68 -j DROP
>> -A INPUT -p udp -m udp --dport 135:139 -j DROP
>> -A INPUT -p udp -m udp --sport 177 --dport 177 -j DROP
>> -A INPUT -p udp -m udp --dport 445 -j DROP
>> -A INPUT -p udp -m udp --dport 1024:1030 -j DROP
>>
>> The 1024:1030 UDP drop the enormous amount of UDP pop-up spam.
>>
>>
>>
>> --
>> Stephen J Smoogen. -- BSD/GNU/Linux
>> How far that little candle throws his beams! So shines a good deed
>> in a naughty world. = Shakespeare. "The Merchant of Venice"
>>
>
> Stephen,
> Thanks for the suggestions. I'm hoping that my router throws most of
> those away because so far all I've seen in messages is local traffic.
>
> I discovered something interesting while looking at messages. I saw
> the following message repeated several times:
>
> Feb 1 09:03:46 localhost kernel: FW-REJECT IN=eth0 OUT=
> MAC=ff:ff:ff:ff:ff:ff:00:21:47:b7:86:61:08:00 SRC=0.0.0.0
> DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=40094
> PROTO=UDP SPT=68 DPT=67 LEN=308
>
> I was curious what it was because of 'SRC=0.0.0.0'. It turned out to
> be my Wii. I discovered this based on my router which keeps track of
> MAC addresses and IP addresses. I had forgotten that it was on my
> net.

Yeah... that one can be a shocker when first looked at :). As you
probably know, the reason is that a box booting up doesn't have an IP
address and the old standard was to use 0.0.0.0 as the default to
start up as. Some other boxes use a different from IP address, but for
the most part they are 0.0.0.0

--
Stephen J Smoogen. -- BSD/GNU/Linux
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"

_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
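
An added example, not part of the original thread: a small parser for the FW-REJECT line quoted above that pulls the sender's hardware address out of the MAC= field (destination MAC, source MAC, then EtherType on Ethernet) and recognises the 0.0.0.0 DHCP client broadcast. The function names are hypothetical; the sample line is the one from the message, joined onto one line.

```python
import re

# Log line quoted in the thread above, joined onto one line.
SAMPLE = ("Feb 1 09:03:46 localhost kernel: FW-REJECT IN=eth0 OUT= "
          "MAC=ff:ff:ff:ff:ff:ff:00:21:47:b7:86:61:08:00 SRC=0.0.0.0 "
          "DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=40094 "
          "PROTO=UDP SPT=68 DPT=67 LEN=308")

# KEY=value tokens; the value may be empty (e.g. "OUT=").
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_log_line(line):
    """Return the KEY=value fields of a netfilter LOG line as a dict."""
    fields = {}
    for key, value in FIELD.findall(line):
        # LEN appears twice: first the IP total length, then the UDP length.
        if key == "LEN" and "LEN" in fields:
            key = "UDPLEN"
        fields[key] = value
    # On Ethernet, MAC= is destination (6 bytes), source (6), EtherType (2).
    octets = fields.get("MAC", "").split(":")
    if len(octets) == 14:
        fields["DST_MAC"] = ":".join(octets[:6])
        fields["SRC_MAC"] = ":".join(octets[6:12])
        fields["ETHERTYPE"] = "0x" + "".join(octets[12:])
    return fields


def is_dhcp_client_broadcast(fields):
    """True for a client asking for a lease before it has an address."""
    return (fields.get("PROTO") == "UDP"
            and fields.get("SRC") == "0.0.0.0"
            and fields.get("DST") == "255.255.255.255"
            and fields.get("SPT") == "68"
            and fields.get("DPT") == "67")


if __name__ == "__main__":
    f = parse_log_line(SAMPLE)
    if is_dhcp_client_broadcast(f):
        print("DHCP client broadcast from", f["SRC_MAC"])
```

The source MAC it reports can then be matched against the router's table of MAC and IP addresses, which is how the device was identified in the message above.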