How to block NetBIOS broadcasts
Hello,
I've a server in a European data center. My server is receiving a lot of UDP NetBIOS broadcast packets (I've sniffed them via tcpdump). I've blocked the sender IP via iptables, but tcpdump still shows the packets being received. An example tcpdump output:
16:35:25.829592 IP SENDER-IP.netbios-ns > MY-SERVER-IP.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
How can I block those broadcast packets?
Are you doing a "DROP" in the iptables rule? You'll still see the traffic but should also see it DROPped. When I had to do similar for stuff hitting my DNS server I could still see it in tcpdump but could also see it was never getting to DNS after being dropped by iptables.
You should actually block all that you don't need, or only allow what you need. NetBIOS should use a port, but you block all UDP that you don't use. Not sure what UDP you'd normally want. Usually only port 80 TCP would be open, maybe SSH ports or VPN ports.
Quote:
Do you know a way to block them all?
Hi
You should actually block all that you don't need, or only allow what you need. You can do this in iptables (firewall level).
Hi -
I'm not necessarily sure you *want* to block NetBIOS, at least not within your local LAN. For better or worse, it's often important for coexisting with Windows. For example, you might need NetBIOS in order to share disks or printers between Windows and Linux hosts. HOWEVER: If you really want to block it with iptables, it's easy. Just set up rules for the following ports:
Code:
- netbios-ns 137 tcp, 137 udp
Code:
iptables -I INPUT -m pkttype --pkt-type broadcast -j DROP
More examples: http://www.cyberciti.biz/tips/linux-...e-port-53.html
You are right. We cannot control whether broadcast packets reach the NIC, but yes, we can drop the packets with iptables. The packets that you see are the raw packets received on your interface. You must check your iptables rules to see whether you are dropping packets or not.
You can check that with iptables -nvx -t table-name -L. This will show you the rules prefixed with the packet count and data transfer.
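Added example (not from anyone in this thread): a small Python script that does the two checks discussed above offline. It parses tcpdump lines of the exact shape the OP posted to count which hosts are sending NetBIOS broadcast queries, and parses `iptables -nvx -L` output to read the packet counters of the DROP rules, which is how you confirm the rule is actually matching. The capture lines and iptables listing are constructed samples with documentation-range addresses.

```python
import re
from collections import Counter

# Constructed sample tcpdump output in the format quoted in the thread
# (documentation-range addresses, not a real capture; without -n, port 137
# prints as its service name "netbios-ns").
SAMPLE_TCPDUMP = """\
16:35:25.829592 IP 192.0.2.10.netbios-ns > 192.0.2.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
16:35:25.901211 IP 192.0.2.10.netbios-ns > 192.0.2.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
16:35:26.004532 IP 192.0.2.7.netbios-ns > 192.0.2.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
16:35:26.110987 IP 192.0.2.5.54321 > 192.0.2.20.ssh: Flags [S], seq 1, win 64240, length 0
16:35:26.220001 IP 192.0.2.7.netbios-ns > 192.0.2.20.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; UNICAST
"""

# Constructed sample of `iptables -nvx -L INPUT` with DROP rules for UDP 137
# and 138; the pkts column is what shows whether a rule is actually matching.
SAMPLE_IPTABLES = """\
Chain INPUT (policy ACCEPT 4410 packets, 612340 bytes)
    pkts      bytes target     prot opt in     out     source               destination
     213    16614 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:137
       0        0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:138
"""

# One tcpdump line: timestamp, "IP", src.sport > dst.dport:, then the NBT decode.
NBT_LINE = re.compile(
    r"^\S+ IP (?P<src>[\d.]+)\.\S+ > (?P<dst>[\d.]+)\.\S+: "
    r"NBT UDP PACKET\(\d+\): (?P<flags>.*)$"
)

def nbt_broadcast_senders(capture):
    """Count NetBIOS name-service queries per source IP that tcpdump's NBT
    decoder flags as BROADCAST; unicast queries and non-NBT lines are ignored."""
    senders = Counter()
    for line in capture.splitlines():
        m = NBT_LINE.match(line)
        if m and "BROADCAST" in m.group("flags"):
            senders[m.group("src")] += 1
    return dict(senders)

def drop_rule_counters(listing):
    """Map each DROP rule's match text (e.g. 'udp dpt:137') to its pkts
    counter from `iptables -nvx -L`; a counter stuck at 0 while tcpdump still
    shows the traffic means the rule is not matching (wrong chain/port/proto)."""
    counters = {}
    for line in listing.splitlines():
        cols = line.split()
        if len(cols) > 9 and cols[2] == "DROP":
            counters[" ".join(cols[9:])] = int(cols[0])
    return counters
```

Feed it real output with `tcpdump -l udp port 137` and `iptables -nvx -L INPUT` on your own host to see which senders dominate and whether your DROP counters move.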
Quote:
I've successfully dropped broadcast packets by adding a proper rule in the forwarding rule.