problems blocking netbios

Carlos Alarcón calarcon at iracsa.com.mx
Fri Nov 5 11:22:05 PST 2004 

hi, i have problemas blocking netbios.. i have a freebsd bridge and use ipfw
as firewall, i have this line on my firewall
00002     3740      391236 deny udp from any to any dst-port
137,138,139,81,520 in recv xl1


this rule is matched but i still see netbios networks and shared computers
on my net
i still having traffic in these ports just like in this log of a tcpdump -i
xl1 |grep netbios ---->

i'd tried some configurations found in the net but i cant block definitive
netbios.. what i could do?????

12:06:32.498591 Ivan.netbios-dgm > 172.16.255.255.netbios-dgm: NBT UDP
PACKET(138)
12:06:48.099193 2.52:54:05:f0:a1:e5.455 > 0.ff:ff:ff:ff:ff:ff.455:
ipx-netbios 50
12:06:53.108442 acer.netbios-dgm > 172.16.255.255.netbios-dgm: NBT UDP
PACKET(138)
12:07:11.626147 final-6kypl57re.netbios-ns > 172.16.255.255.netbios-ns: NBT
UDP PACKET(137): QUERY; REQUEST; BROADCAST
12:07:12.368783 final-6kypl57re.netbios-ns > 172.16.255.255.netbios-ns: NBT
UDP PACKET(137): QUERY; REQUEST; BROADCAST
12:07:13.124740 final-6kypl57re.netbios-ns > 172.16.255.255.netbios-ns: NBT
UDP PACKET(137): QUERY; REQUEST; BROADCAST
12:07:15.732109 final-6kypl57re.netbios-ns > 172.16.255.255.netbios-ns: NBT
UDP PACKET(137): QUERY; REQUEST; BROADCAST
12:07:16.496274 169.254.181.211.netbios-dgm > 169.254.255.255.netbios-dgm:
NBT UDP PACKET(138)
12:07:16.500684 2.52:54:05:f0:a1:e5.455 > 0.ff:ff:ff:ff:ff:ff.455:
ipx-netbios 50
12:07:16.502866 final-6kypl57re.netbios-ns > 172.16.255.255.netbios-ns: NBT
UDP PACKET(137): QUERY; REQUEST; BROADCAST
12:07:17.226395 final-6kypl57re.netbios-ns > 172.16.255.255.netbios-ns: NBT
UDP PACKET(137): QUERY; REQUEST; BROADCAST
12:07:31.704838 2.52:54:05:f0:a1:e5.455 > 0.ff:ff:ff:ff:ff:ff.455:
ipx-netbios 50
12:07:49.238467 2.00:11:5b:0f:77:a6.455 > 0.ff:ff:ff:ff:ff:ff.455:
ipx-netbios 50
12:07:59.237731 2.00:11:5b:0f:77:a6.455 > 0.ff:ff:ff:ff:ff:ff.455:
ipx-netbios 50
12:07:59.987385 2.00:11:5b:0f:77:a6.455 > 0.ff:ff:ff:ff:ff:ff.455:
ipx-netbios 50
BROADCAST
12:08:12.068832 2.52:54:05:f0:a1:e5.455 > 0.ff:ff:ff:ff:ff:ff.455:
ipx-netbios 50
12:08:12.909901 2.52:54:05:f0:a1:e5.455 > 0.ff:ff:ff:ff:ff:ff.455:
ipx-netbios 50
12:08:13.750936 2.52:54:05:f0:a1:e5.455 > 0.ff:ff:ff:ff:ff:ff.455:
ipx-netbios 50
12:08:14.612185 169.254.181.211.netbios-ns > 169.254.255.255.netbios-ns: NBT
UDP PACKET(137): QUERY; REQUEST; BROADCAST
12:08:15.363122 169.254.181.211.netbios-ns > 169.254.255.255.netbios-ns: NBT
UDP PACKET(137): QUERY; REQUEST; BROADCAST
12:08:16.114109 169.254.181.211.netbios-ns > 169.254.255.255.netbios-ns: NBT
UDP PACKET(137): QUERY; REQUEST; BROADCAST
12:08:25.992338 final-6kypl57re.netbios-ns > 172.16.255.255.netbios-ns: NBT
UDP PACKET(137): QUERY; REQUEST; BROADCAST
12:08:26.742957 final-6kypl57re.netbios-ns > 172.16.255.255.netbios-ns: NBT
UDP PACKET(137): QUERY; REQUEST; BROADCAST
12:08:27.507799 final-6kypl57re.netbios-ns > 172.16.255.255.netbios-ns: NBT
UDP PACKET(137): QUERY; REQUEST; BROADCAST
BROADCAST
12:08:30.529039 final-6kypl57re.netbios-ns > 172.16.255.255.netbios-ns: NBT
UDP PACKET(137): QUERY; REQUEST; BROADCAST
12:08:31.276556 final-6kypl57re.netbios-ns > 172.16.255.255.netbios-ns: NBT
UDP PACKET(137): QUERY; BROADCAST
12:08:32.019021 final-6kypl57re.netbios-ns > 172.16.255.255.netbios-ns: NBT
UDP PACKET(137): QUERY; REQUEST; BROADCAST
12:08:34.360527 final-6kypl57re.netbios-ns > 172.16.255.255.netbios-ns: NBT
UDP PACKET(137): QUERY; REQUEST; BROADCAST
12:08:35.107730 final-6kypl57re.netbios-ns > 172.16.255.255.netbios-ns: NBT
UDP PACKET(137): QUERY; REQUEST; BROADCAST
12:08:35.845438 final-6kypl57re.netbios-ns > 172.16.255.255.netbios-ns: NBT
UDP PACKET(137): QUERY; REQUEST; BROADCAST
12:09:01.950604 Laboratorio.netbios-dgm > 172.16.255.255.netbios-dgm: NBT
UDP PACKET(138)
12:09:02.443748 Ivan.netbios-dgm > 172.16.255.255.netbios-dgm: NBT UDP
PACKET(138)
BROADCAST
12:09:15.362085 2.00:e0:4c:b1:21:16.455 > 0.ff:ff:ff:ff:ff:ff.455:
ipx-netbios 50
BROADCAST
12:09:23.136462 acer.netbios-dgm > 172.16.255.255.netbios-dgm: NBT UDP
PACKET(138)
12:09:23.138987 acer.netbios-ns > 172.16.255.255.netbios-ns: NBT UDP
PACKET(137): QUERY; REQUEST; BROADCAST
12:09:23.871273 acer.netbios-ns > 172.16.255.255.netbios-ns: NBT UDP
PACKET(137): QUERY; REQUEST; BROADCAST
12:09:24.662048 acer.netbios-ns > 172.16.255.255.netbios-ns: NBT UDP
PACKET(137): QUERY; REQUEST; BROADCAST
12:10:07.390154 acer.netbios-ns > 172.16.255.255.netbios-ns: NBT UDP
PACKET(137): QUERY; REQUEST; BROADCAST
12:10:08.133622 acer.netbios-ns > 172.16.255.255.netbios-ns: NBT UDP
PACKET(137): QUERY; REQUEST; BROADCAST
12:10:08.892928 acer.netbios-ns > 172.16.255.255.netbios-ns: NBT UDP
PACKET(137): QUERY; REQUEST;

More information about the freebsd-isp mailing list