SLUG Mailing List Archives - Re: [SLUG] smbd attack

To: O Plameras <oscarp@xxxxxxxxxxx>
Subject: Re: [SLUG] smbd attack
From: Michael Fox <fox.michael@xxxxxxxxx>
Date: Sat, 18 Jun 2005 20:30:44 +1000
Cc: slug@xxxxxxxxxxx
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=KAuQHoO3ORejPFg61dMxR7zaBoneK4ZVN6CFb7DA4z8po51SQ35F3V9w379qw+nPaVWQ1N1ySujEptBeXvCq30+nGcvU01uyBzEF+V1tRlovmuQQt9vG30ogRpiWl0QY7S4GqzRox5O7A7s4kF3svvD531EEc0x22bcg5mMKCyY=
Reply-to: Michael Fox <fox.michael@xxxxxxxxx>

On 6/18/05, O Plameras <oscarp@xxxxxxxxxxx> wrote:
> 
> Hi,
> 
> Learn how to protect your network from these attacks
> by learning what is involve in attacking:
> 
> http://www.insecure.org/nmap/nmap_doc.html

My question to the original poster is, why on earth would you have
smbd bound to an interface of a real world routable ip. If this host
has internal networks that need samba, then by all means only bound
samba to those internal networks, and disable it from completely using
the outbound interface. If you must use this outbound interface,
atleast filter it to the only ip addresses/networks that need to use
it.

Follow-Ups:
- Re: [SLUG] smbd attack
  - From: luke

References:
- [SLUG] smbd attack
  - From: luke
- Re: [SLUG] smbd attack
  - From: O Plameras

Messages sorted by: [ date | thread ]
Prev by Date: [SLUG] Re: Linux Printing
Next by Date: Re: [SLUG] smbd attack
Previous by thread: Re: [SLUG] smbd attack
Next by thread: Re: [SLUG] smbd attack