Hi,

Can someone comment on the following script as to whether or not it should work? (It's related, of course, to the influx of 135 scans.)

    # note: -d matches a destination address/network (e.g. $EXT_IP), not an
    # interface name; the interface is already selected by -i / -o
    iptables -A INPUT  -i $EXT_DEV -p tcp -d $EXT_DEV --dport 135 -j DROP
    iptables -A INPUT  -i $EXT_DEV -p udp -d $EXT_DEV --dport 135 -j DROP
    iptables -A OUTPUT -o $EXT_DEV -p tcp -d $EXT_DEV --dport 135 -j DROP
    iptables -A OUTPUT -o $EXT_DEV -p udp -d $EXT_DEV --dport 135 -j DROP

Perhaps my understanding of UDP packets isn't very deep, so I might have missed some tidbit regarding the states of UDP ports. But with the above script portion, when I execute

    nmap -sT -p 135 <ext ip>

from a remote machine, I get a host down message. With

    nmap -sT -P0 -p 135 <ext ip>

I get "135/tcp filtered". (Good news?) But with

    nmap -sU -P0 -p 135 <ext ip>

I get "135/udp open".

Can someone explain to me what I'm doing wrong or what information I have forgotten? Does it even matter if the UDP 135 port is open? I'm currently in the process of closing all unnecessary ports (be it TCP or UDP).

Thanks.
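The scan results in the post follow directly from how nmap turns a probe's outcome into a port state, and from what an iptables target sends back. The following is an added example, not code from the original post or from nmap or iptables: it models nmap's documented UDP and TCP-connect state inference, maps the DROP and REJECT targets to the outcome a scanner observes, and regenerates the four rules from the post with `-d` given an address (a hypothetical `EXT_IP`) instead of an interface name. The interface and address values used in the usage section are constructed placeholders.

```python
# Added example (not from the original post): why a silently dropped UDP probe
# shows up as "open" in older nmap (today "open|filtered"), while a dropped TCP
# connect shows as "filtered", and what the rules look like with a proper -d.

# Probe outcomes as observed by the scanner (constructed labels).
NO_RESPONSE = "no_response"        # silently dropped: iptables -j DROP
UDP_REPLY = "udp_reply"            # the UDP service answered
ICMP_PORT_UNREACH = "icmp_3_3"     # ICMP type 3 code 3: REJECT's default for UDP
ICMP_ADMIN_PROHIB = "icmp_3_13"    # ICMP type 3 code 13: REJECT --reject-with icmp-admin-prohibited
TCP_SYNACK = "tcp_synack"          # TCP handshake completed
TCP_RST = "tcp_rst"                # TCP reset returned

# Other ICMP unreachable codes that nmap reports as "filtered" (man nmap, -sU).
_OTHER_UNREACH = {"icmp_3_1", "icmp_3_2", "icmp_3_9", "icmp_3_10", ICMP_ADMIN_PROHIB}


def udp_port_state(outcome: str, legacy_nmap: bool = False) -> str:
    """Return nmap's UDP state label for a probe outcome.

    Per the nmap manual: a UDP reply -> open; ICMP port unreachable (3/3)
    -> closed; other ICMP unreachable codes -> filtered; no answer at all
    -> open|filtered. Older nmap releases, like the one in the post,
    printed a silent port as plain 'open'.
    """
    if outcome == UDP_REPLY:
        return "open"
    if outcome == ICMP_PORT_UNREACH:
        return "closed"
    if outcome in _OTHER_UNREACH:
        return "filtered"
    if outcome == NO_RESPONSE:
        return "open" if legacy_nmap else "open|filtered"
    raise ValueError(f"unknown probe outcome: {outcome}")


def tcp_connect_state(outcome: str) -> str:
    """Return nmap's state label for a TCP connect (-sT) probe."""
    if outcome == TCP_SYNACK:
        return "open"
    if outcome == TCP_RST:
        return "closed"
    if outcome == NO_RESPONSE or outcome in _OTHER_UNREACH or outcome == ICMP_PORT_UNREACH:
        return "filtered"   # connect() times out or gets an ICMP error
    raise ValueError(f"unknown probe outcome: {outcome}")


def firewall_outcome(target: str, proto: str) -> str:
    """Map an iptables target to the outcome a remote scanner sees for a probe."""
    if target == "DROP":
        return NO_RESPONSE                      # nothing goes back, for either protocol
    if target == "REJECT":
        return ICMP_PORT_UNREACH                # iptables' default reject type
    if target == "REJECT --reject-with tcp-reset" and proto == "tcp":
        return TCP_RST
    if target == "REJECT --reject-with icmp-admin-prohibited":
        return ICMP_ADMIN_PROHIB
    raise ValueError(f"unsupported target: {target}")


def port135_rules(ext_dev: str, ext_ip: str, target: str = "DROP") -> list[str]:
    """Rebuild the post's four rules with -d given an address, not an interface.

    -i/-o select the interface; -d must be an IP address or network. The
    OUTPUT rules mirror the post (destination = the host's own external
    address) and are kept as written rather than reinterpreted.
    """
    rules = []
    for chain, iface_flag in (("INPUT", "-i"), ("OUTPUT", "-o")):
        for proto in ("tcp", "udp"):
            rules.append(
                f"iptables -A {chain} {iface_flag} {ext_dev} -p {proto} "
                f"-d {ext_ip} --dport 135 -j {target}"
            )
    return rules


if __name__ == "__main__":
    # Constructed placeholders for the post's $EXT_DEV / $EXT_IP.
    for rule in port135_rules("eth0", "192.0.2.10"):
        print(rule)
    # With -j DROP the post's observations reproduce: TCP "filtered", UDP "open".
    print("tcp:", tcp_connect_state(firewall_outcome("DROP", "tcp")))
    print("udp (old nmap):", udp_port_state(firewall_outcome("DROP", "udp"), legacy_nmap=True))
    print("udp (current nmap):", udp_port_state(firewall_outcome("DROP", "udp")))
    # With -j REJECT the scanner gets ICMP port unreachable and reports "closed".
    print("udp with REJECT:", udp_port_state(firewall_outcome("REJECT", "udp")))
```

The point the model makes explicit: nmap cannot distinguish a UDP port that is silently dropped from one whose service simply does not answer, so a DROP rule is reported as open (older nmap) or open|filtered (current nmap). That is the rule working as intended, not a gap. If the goal is a scan that reports "closed", the port must answer with an ICMP port unreachable, which is what `-j REJECT` produces; DROP gives the scanner less information but costs the reader the ability to confirm the block from a UDP scan alone. A local check such as `netstat -anu` or `ss -lun` is the reliable way to see whether anything is actually listening on UDP 135.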