602Pro LAN SUITE 2002 User Forum
Blocking inbound NetBIOS and UDP broadcast traffic
  Posted by  Terry Fehr  on Tuesday, February 18, 2003 at 8:52:14 AM (EST)
My proxy server is constantly receiving Windows Messenger Spam. Microsoft knowledge base article 330904 states:

Microsoft recommends that you install a firewall and configure it to block NetBIOS and RPC traffic instead of turning off the Messenger service.

How can I set up LanSuite to block that traffic?

Thanx,
Terry Fehr
  Posted by David Hart  on Tuesday, February 18, 2003 at 1:50:46 PM (EST)
I know that this is getting old but spend even $50 on a router and you will do the job right. A router will probably outlast any PC that you have. Just to prove the point re NetBios, here's my response from ShieldsUP!:

"Your Internet port 139 does not appear to exist! One or more ports on this system are operating in FULL STEALTH MODE! Standard Internet behavior requires port connection attempts to be answered with a success or refusal response. Therefore, only an attempt to connect to a nonexistent computer results in no response of either kind. But YOUR computer has DELIBERATELY CHOSEN NOT TO RESPOND (that's very cool!) which represents advanced computer and port stealthing capabilities. A machine configured in this fashion is well hardened to Internet NetBIOS attack and intrusion.

Unable to connect with NetBIOS to your computer. All attempts to get any information from your computer have FAILED. (This is very uncommon for a Windows networking-based PC.) Relative to vulnerabilities from Windows networking, this computer appears to be VERY SECURE since it is NOT exposing ANY of its internal NetBIOS networking protocol over the Internet. "
  Posted by James Williams  on Tuesday, February 18, 2003 at 1:58:51 PM (EST)
Personally, I would just lose the messenger service, with so many people on instant messaging nowadays it's just about worthless. I know over 150 network admins and not one of them uses it. Why rack your brain about this? How many times have you sent a netsend message in the last year?
  Posted by Tim Reeves  on Wednesday, February 19, 2003 at 3:20:02 AM (EST)
My understanding is a domestic / SOHO router will only provide packet filtering anyway - which is the same as a software firewall.

The only difference is they use a custom OS which is unlikely to be exploited by a hacker. It's easier for a hacker to use a known vulnerability in a software firewall.

This means a router won't protect Terry from 'Messenger' hits any more than a software firewall.
  Posted by David Hart  on Wednesday, February 19, 2003 at 10:15:07 AM (EST)
A decent router (about $75.00 these days) filters primarily by NAT filtering on ports and IP. With a couple of minor tweaks it will stealth all your ports except those that are intentionally opened. BTW, stealth is not always good. For example, with LS, you do NOT want to stealth 113 or receiving SMTP servers will wait for a timeout on IDENT requests.

Software firewalls like Zone Alarm pro are better at filtering OUTBOUND connections BUT they are cumbersome and consume overhead on each machine.

Routers do a better job inbound with no overhead. Furthermore a router shares an SUA (single user account) much more efficiently than a proxy. I would contend that inbound filtering negates the need for outbound since, if you are not letting the crap in, it can't go out. There are a few things that the user can do that may be more important:

1. Use common sense. Make informed choices by knowing that programs like Real Player, Incredimail, KaZAA etc. are inherently intrusive.

2. Use a good trojan/spyware detector. I use AdAware AND SpyBot S&D. Frequency depends upon the risks that you take.

3. Put a program like Proxomitron on every machine to filter web content and eliminate web bugs.

4. Use IE's security zones. By default, surf WITHOUT scripting and ActiveX.

5. A thorough HOSTS file is a simple element of increased security/privacy. You can locate this on a network share. In fact, if you use BIND-PE you can even create a null zone as part of name resolution to replace the hosts file. The advantage is that it accepts wildcards (HOSTS does not).

6. Make certain that your e-mail program does NOT resolve external graphics.

End of sermon. I'm no techie. I've just learned the hard way. I've had both my privacy and security compromised.
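A way to check a gateway against the two points raised in this thread (NetBIOS/RPC not reachable from outside, port 113 refused rather than stealthed), as an added example that is not part of any post above. TCP port 135 for RPC, the function names and the policy tables are assumptions of this example, and the sample results are constructed.

```python
import socket

# Policy drawn from the thread. Port 139 and 113 are named in the posts;
# 135 (RPC endpoint mapper) is this example's assumption for "RPC traffic".
MUST_NOT_BE_OPEN = {135: "RPC endpoint mapper", 139: "NetBIOS session"}
REFUSE_NOT_STEALTH = {113: "IDENT"}

def probe_tcp(host, port, timeout=3.0):
    """Classify one TCP port as 'open', 'closed' (refused) or 'stealth' (no reply)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"      # a RST came back: the port answers with a refusal
    except OSError:
        return "stealth"     # timeout or unreachable: nothing answered
    finally:
        s.close()

def audit(states):
    """Return (port, level, message) findings for a {port: state} map of TCP results."""
    findings = []
    for port, name in sorted(MUST_NOT_BE_OPEN.items()):
        state = states.get(port, "unknown")
        if state == "open":
            findings.append((port, "FAIL", f"{name} reachable from outside"))
        elif state == "unknown":
            findings.append((port, "WARN", f"{name} was not probed"))
    for port, name in sorted(REFUSE_NOT_STEALTH.items()):
        if states.get(port) == "stealth":
            findings.append((port, "WARN",
                             f"{name} silently dropped; remote SMTP servers wait for a timeout"))
    return findings

if __name__ == "__main__":
    # Constructed sample results, as if probed from a host outside the LAN.
    # With a real target: {p: probe_tcp("your.public.address", p) for p in (113, 135, 139)}
    sample = {135: "stealth", 139: "open", 113: "stealth"}
    for port, level, msg in audit(sample):
        print(f"{level} tcp/{port}: {msg}")
```

Run probe_tcp from a machine outside the LAN against your own public address. The UDP side of NetBIOS (137/138) cannot be judged this way, because silence from a UDP port does not distinguish filtered from listening, so check those in the firewall or router rules.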
  © 2009 Software602, Inc. All rights reserved.