G
Guest
Guest
Archived from groups: comp.security.firewalls (More info?)
Praxiteles Democritus <no@email.here> wrote:
> I mean blocking, sorry. Here's what someone posted in this group
> recently and I thought I would take their advice. Is it not good
> advice?
> "As always, I suggest blocking both TCP and UDP ports 135 ~ 139 and
> 445 on *any* SOHO Router."
I think, this is not meant for masquerading/NAT setups.
You can filter any packages away, which are intended for those ports.
This is not harmful.
But, usually with masquerading and filtering anything away on the outside
interface, which seems to be coming from inside, is enough.
I don't know any NAT device, which can be tricked to route TCP sockets
to the SMB ports from outside.
Anyone else?
Yours,
VB.
--
"Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
deutschen Schlafzimmern passiert".
Harald Schmidt zum "Weltjugendtag"
Praxiteles Democritus <no@email.here> wrote:
> I mean blocking, sorry. Here's what someone posted in this group
> recently and I thought I would take their advice. Is it not good
> advice?
> "As always, I suggest blocking both TCP and UDP ports 135 ~ 139 and
> 445 on *any* SOHO Router."
I think, this is not meant for masquerading/NAT setups.
You can filter any packages away, which are intended for those ports.
This is not harmful.
But, usually with masquerading and filtering anything away on the outside
interface, which seems to be coming from inside, is enough.
I don't know any NAT device, which can be tricked to route TCP sockets
to the SMB ports from outside.
Anyone else?
Yours,
VB.
--
"Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
deutschen Schlafzimmern passiert".
Harald Schmidt zum "Weltjugendtag"