| Security and Privacy Sadly, malware, spyware, hackers and privacy threats abound in today's world. Let's be paranoid and secure our penguins, and slam the doors on privacy exploits. |

21st September 2004, 06:56 AM
|
|
Registered User
|
|
Join Date: Sep 2004
Posts: 45

|
|
How to open port 137:139
Hi,
How could I open port 137:139 in my firewall? I am using Fedora Core 2.
Thanks!
|

21st September 2004, 12:12 PM
|
|
Registered User
|
|
Join Date: Jan 2004
Posts: 806

|
|
|
Go to System Settings -> Security Level. At the bottom of the window is a place for entering other ports.
|

21st September 2004, 03:32 PM
|
 |
Retired Community Manager
|
|
Join Date: Mar 2004
Location: Scotland
Age: 34
Posts: 1,019

|
|
|
Trying to run Samba?
__________________
http://blog.suretecsystems.com
|

21st September 2004, 07:34 PM
|
|
Registered User
|
|
Join Date: May 2004
Location: Vellore, Tamil Nadu, India
Posts: 192

|
|
|
Do the following as root from a command prompt:
/sbin/iptables -A INPUT -p tcp --dport 137:139 -j ACCEPT
If you're using multiple NICs, it's advisable to enable them on your internal network only, by specifying the -i <interface> option.
And you can add it to a local start-up script like /etc/rc.local so that it's enabled at every boot.
|

22nd September 2004, 03:16 AM
|
 |
Retired Community Manager
|
|
Join Date: Feb 2004
Location: Seattle, WA, USA
Age: 56
Posts: 3,423

|
|
|
I sure as hell hope this computer isn't connected to the Internet... Ports 137:139 are those nasty Netbios ports used by Microsoft networking. Those particular ports get hit real hard all the time, so it may render your connection worthless if it's to the world at large, instead of just locally.
__________________
Linux User #28251 (April '93)
Professional Java Geek :cool:
|

22nd September 2004, 03:27 AM
|
|
Guest
|
|
Posts: n/a

|
|
An easier way is to use a decent firewall frontend like firestarter. To install it, use yum:
Code:
yum install firestarter
It's very intuitive.
|

29th September 2004, 03:15 AM
|
|
Registered User
|
|
Join Date: May 2004
Location: UK
Posts: 399

|
|
Quote:
|
Originally Posted by crackers
I sure as hell hope this computer isn't connected to the Internet... Ports 137:139 are those nasty Netbios ports used by Microsoft networking. Those particular ports get hit real hard all the time, so it may render your connection worthless if it's to the world at large, instead of just locally.
|
Absolutely. You must also add a filter for checking the source is ONLY from your internal IP address range and preferably use MAC filtering to prevent IP spoofing. For example:
Code:
iptables -A INPUT -p tcp -s 192.168.0.1 --dport 137:139 -m mac --mac-source xx:xx:xx:xx:xx:xx -j ACCEPT
Otherwise you might as well just leave the door wide open and hang a big sign outside welcoming people in
Ned
|
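Added example, not part of any post in this thread: a small audit of `iptables-save` output that reports ACCEPT rules for ports 137-139 which are open to any source, or which match on source port instead of destination port. The function name, the 192.168.0.0/24 range, eth0 and the sample ruleset are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): audit iptables-save output for
# ACCEPT rules that touch the NetBIOS ports 137-139.
# Limits: reads only -s, -i, --sport, --dport; ignores "!" negation and multiport.
audit_netbios() {
    awk '
    # True when port spec "N" or "N:M" overlaps 137-139.
    function hits(spec,    p, n, lo, hi) {
        n = split(spec, p, ":")
        lo = p[1] + 0
        hi = (n > 1 ? (p[2] == "" ? 65535 : p[2]) : p[1]) + 0
        return lo <= 139 && hi >= 137
    }
    $1 == "-A" {
        src = iface = sport = dport = target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-s") src = $(i + 1)
            else if ($i == "-i") iface = $(i + 1)
            else if ($i == "--sport") sport = $(i + 1)
            else if ($i == "--dport") dport = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
        }
        if (target != "ACCEPT") next
        if (sport != "" && hits(sport))
            print "SPORT line " NR ": keyed on the remote source port, not the local service"
        else if (dport == "" || !hits(dport))
            next
        else if ((src == "" || src == "0.0.0.0/0") && iface == "")
            print "OPEN line " NR ": NetBIOS reachable from any source"
        else
            print "OK line " NR ": limited to " (src != "" ? src : iface)
    }'
}

# Constructed sample ruleset in iptables-save format.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -p tcp -m tcp --sport 137:139 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 137:139 -j ACCEPT
-A INPUT -s 192.168.0.0/24 -i eth0 -p tcp -m tcp --dport 139 -j ACCEPT
-A INPUT -s 192.168.0.0/24 -i eth0 -p udp -m udp --dport 137:138 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

sample_rules | audit_netbios
```

On a live system the same function can be fed from `iptables-save` run as root instead of the sample.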

30th September 2004, 12:55 AM
|
 |
Registered User
|
|
Join Date: Jul 2004
Posts: 159

|
|
Quote:
|
Originally Posted by crackers
I sure as hell hope this computer isn't connected to the Internet... Ports 137:139 are those nasty Netbios ports used by Microsoft networking. Those particular ports get hit real hard all the time, so it may render your connection worthless if it's to the world at large, instead of just locally.
|
Yep he's right, you never open any of the ports lower than 1000 unless you want a new and state of the art trojan controlling your system.
|

30th September 2004, 04:30 AM
|
 |
Retired Community Manager
|
|
Join Date: Feb 2004
Location: Seattle, WA, USA
Age: 56
Posts: 3,423

|
|
Quote:
|
Originally Posted by Lopov
Yep he's right, you never open any of the ports lower than 1000 unless you want a new and state of the art trojan controlling your system.
|
That's not entirely correct, otherwise web servers wouldn't work at all. The "trick" to opening a port below 1024 is that those are controlled by the "root" user (privileged). Typical behavior for using these ports is to be opened by an application, acting as the "root" user, then the application (servers) will change to an unprivileged user (e.g. "nobody") that has logins disabled. This prevents someone from tunneling in through the port and immediately acquiring "root" access. And this is why buffer over-runs are dangerous - they make it possible to execute inserted code as the unprivileged user and possibly gain a login onto the box, sometimes (depending on how poorly the server's written/setup/run) even as "root."
This, incidentally, is one of the reasons why older Windows OSs were/are so dangerous - the "normal" user always had administrative control of the system. NT and XP have addressed this, somewhat, but there's simply too many holes and shortcuts from those legacy days to be found and eliminated - Windows wasn't built with ANY kind of actual security in mind.
|

30th September 2004, 05:47 AM
|
|
Registered User
|
|
Join Date: May 2004
Location: UK
Posts: 399

|
|
Quote:
|
Originally Posted by crackers
This, incidentally, is one of the reasons why older Windows OSs were/are so dangerous - the "normal" user always had administrative control of the system. NT and XP have addressed this, somewhat,
|
True, but how many Windows users do you know that don't automatically give their user accounts administrative privileges - only the ones who've used *nix before.
MS should drum it into users to only use the admin account for admin, but it's funny that I've never ever seen this mentioned even once in all my time using NT4, Win2K and XP.
Ned
|

30th September 2004, 09:59 PM
|
|
Registered User
|
|
Join Date: Sep 2004
Posts: 29

|
|
There is a large misconception about attackers on the Internet.
Check that out
https://secure.dshield.org/index.php
Brian
AwPhuch
|

1st October 2004, 03:31 AM
|
 |
Retired Community Manager
|
|
Join Date: Feb 2004
Location: Seattle, WA, USA
Age: 56
Posts: 3,423

|
|
Lies, damn lies, and statistics. I presume you're talking about "others?" Let's see:
There are 6 specific ports listed in the legend. That means "others" covers 65530 ports. Using eyeballs on the US-chart, that means for each "other" port, it (statistically) accounts for about 0.07% of the chart, whereas port 135 (again by eyeball) alone accounts for over 30%.
Isn't it amazing how you can spin numbers to mean pretty much what you want?
|

1st October 2004, 07:16 AM
|
|
Registered User
|
|
Join Date: May 2004
Location: UK
Posts: 399

|
|
Crackers,
I wonder if you have any opinion on the merits of their FightBack scheme and whether you consider it worth participating in?
Link again:
https://secure.dshield.org/index.php
Ned
|

2nd October 2004, 04:11 AM
|
 |
Retired Community Manager
|
|
Join Date: Feb 2004
Location: Seattle, WA, USA
Age: 56
Posts: 3,423

|
|
Participating in things like this never hurt, as long as you believe it's a valid organization and not someone on a phishing trip.
Me, I'm overly paranoid - I keep my head down, try to stay invisible, and don't share my logs with nobody!
|

2nd October 2004, 08:47 PM
|
|
Registered User
|
|
Join Date: May 2004
Location: UK
Posts: 399

|
|
Thanks Crackers - always interesting to get opinions one wouldn't think of
Oh - just wondering where all my hard earned reputation points went. I guess they expire after a while as I've been a bit less active lately or maybe I got a load of negative feedback and they cancelled out
Ned
|