> My objective: To block traffic coming in through the router on TCP =
port 139.
>=20
Just out of curiosity, why bother?
-- yu
---I'm glad you asked... ;-)
The reasons for it are as follows: "wink" and "ntcrash"
Two Linux programs. Supply wink with an ip of a Windows95 or Memphis = (yes, I tried) machine and it kills the machine. (Actually reboots a = Dell I have here.) Give ntcrash the ip of an NT machine (only tried it = under 4.0 but more than likely it works on 3.5x or lower...) and that = machine will either simply die (screen goes black and the system is = frozen) or you get to see the Blue Screen of Death. Not good. I don't = know if there is a software patch that can fix this, and I'm not even = sure *what* the programs are sending, but I know that they send to port = 139. I figured that the safest and most effective way to protect all the = machines on our network would be to stop it at the gateway. And I just = found out (thanks to help from you guys - s'pecially Damien T.) that if = you set a filter it will indeed stop the attack cold, at the router. I = thought maybe I was late finding out about these little nasties... but = maybe they're more recent than I thought.
All right, I've clogged up the mailing list with my banter long enough. = Again, thanks to everyone for your help!
Brad
"Where are we going, and why are we in this handbasket...?"