Hi,
Looking for some advice on a firewall issue.
My hosting company have Windows machines on the same network which are broadcasting for NetBIOS/NetBEUI providing a pretty constant stream of requests to UDP 137/138.
These are being blocked and the IPs shunned.
They are harmless, but annoying.
What would be the best course of action to either block or ignore these permanently, without disabling the notifications of rule 4151 "Multiple Firewall drop events from same source."
ASL Firewall - NETBIOS/NETBEUI broadcasts
-
mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4155
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: ASL Firewall - NETBIOS/NETBEUI broadcasts
Thanks for the question, just enable this option:
https://www.atomicorp.com/wiki/index.ph ... BROADCASTS
If you arent using the ASL kernel, non-ASL kernels dont have a broadcast detection capability so on systems using those limited kernels enabling this will only silently drop the following types of broadcasts:
TCP and UDP: 255.255.255.255
Multicast: 224.0.0.0/24
With a non-ASL kernel you'll have to add in manual rules to ignore other types. With the ASL kernel, just enable that one option and all broadcasts will be silently ignored.
https://www.atomicorp.com/wiki/index.ph ... BROADCASTS
If you arent using the ASL kernel, non-ASL kernels dont have a broadcast detection capability so on systems using those limited kernels enabling this will only silently drop the following types of broadcasts:
TCP and UDP: 255.255.255.255
Multicast: 224.0.0.0/24
With a non-ASL kernel you'll have to add in manual rules to ignore other types. With the ASL kernel, just enable that one option and all broadcasts will be silently ignored.
Michael Shinn
Atomicorp - Security For Everyone
Atomicorp - Security For Everyone
Re: ASL Firewall - NETBIOS/NETBEUI broadcasts
Perfect - thanks, that should do the trick!