On Sun, 13-02-2005 at 15:09 +0200, Georgi Alexandrov wrote:
> Jose Maria Lopez Hernandez wrote:
>
> >On Sun, 13-02-2005 at 09:28 +0300, Mikhail Zotov wrote:
> >
> >>Hello everybody,
> >>
> >>I have a Linux machine (with a static routable IP address)
> >>connected to a windoops LAN. As is known, there is certain
> >>"noise" in windoops networks, which can be silently dropped
> >>by a rule like this:
> >>
> >>iptables -A INPUT -p udp --dport 135:139 -j DROP
> >>
> >
> >That's OK, but also DROP port 445 because there's also a great
> >amount of traffic in that port.
> >
> How exactly is that OK? I guess you don't have anything listening on
> 135-139/udp, right?

The OP *wanted* to DROP those ports, and their rules were OK. That's all
I said. And keep in mind that even if you are not listening on those
ports you are responding with RST-ACK packets if you don't DROP the
connections. I have to DROP the 445 packets from the Internet because
they cause my machine to send traffic I don't want to be sent.

> So you won't "save" any traffic with a rule like that, that's how
> ethernet works.

You save the RST-ACK responses, if I'm not wrong.

> The only point in a rule like that maybe is - if you are logging not
> matched packets at the end of the filter table/INPUT chain and don't
> want your logs flooded by that broadcast traffic.

That's right. But if you want to DROP the Netbios packets also there's
nothing wrong with it.

> >If you are don't want to receive traffic your broadcast it's OK.
> >
> same thing here ... you will receive that broadcast traffic no matter
> what. dropping it won't help.

Same reason as before. You receive the packets, but you don't answer
them.

> regards,
> Georgi Alexandrov

Regards.
-- 
Jose Maria Lopez Hernandez
Technical Director, bgSEC
jkerouac@xxxxxxxxx
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
SPAIN

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
  -- Jack Kerouac, "On the Road"