>> My objective: To block traffic coming in through the router on TCP port 139.
>>
>Just out of curiosity, why bother?
He's trying to prevent the latest denial of service attack on Windoze
systems. There is an attack you can launch against unpatched Windoze
systems running NetBIOS and/or WINS that causes them to crash. This
happens without fail; we have tried the exploit and it has not failed yet
to bring a 95 or NT box down to the blue screen. It is caused by sending
a MSG_OOB (out of bounds/band) message to that port. However, this is not
the only port/exploit that has been found recently to affect win32
systems. I'm surprised that this is not getting more media coverage; it
certainly would if the same thing was true of a non-Microsoft OS. In
fact, my UNIX box has registered several hits by individuals against port
139 during recent IRC operation, so the word is getting out rapidly, but
probably to the wrong individuals. Until the patch from Microsoft is
installed, the only remedy is to turn off WINS and NetBIOS (not an option
for some people, which is why this is so potentially dangerous; the exploit
code is only 1.7 KB in size and relatively easy to obtain off BugTraq).