pf behaviour with tcp ports 439 and
Newsgroups: bit.listserv.openbsd-pf
From: t...@bluegentoo.co.uk (tech)
Date: 10 Sep 2009 14:42:25 -0700
Local: Fri, Sep 11 2009 7:42 am
Subject: pf behaviour with tcp ports 439 and
Is there any reason why pf might behave in a special way for tcp ports
439 & 445?  I just happened to notice that with a minimal pf.conf:

# macros
ext_if="pppoe0"
int_if="ep2"

# nat/rdr
nat on $ext_if from !($ext_if) -> ($ext_if:0)

# filter rules
block in log
pass out log
pass in log quick on $int_if

No matter how hard I look I NEVER see a blocked or passed packet in the
log file for incoming packets to ext_if for tcp ports 439 & 445.  Every
other port behaves entirely as expected when I test this out.  I first
became aware of this when playing around with GRC shields-up - it listed
439 & 445 as 'stealth', even when I forced block-policy to 'return'.

I might be missing something blindingly obvious here, but...

Any thoughts?

Thanks
t...@bluegentoo.co.uk


Newsgroups: bit.listserv.openbsd-pf
From: warch...@spoofed.org (Jon Hart)
Date: 10 Sep 2009 23:27:50 -0700
Local: Fri, Sep 11 2009 4:27 pm
Subject: Re: pf behaviour with tcp ports 439 and
My guess is that you meant 139/TCP instead of 439/TCP, in which case
this is pretty much on par for many residential ISPs and their
blocking of typical problematic ports.

My suggestion?  Re-run shields-up (for what it's worth) and run a
capture on $ext_if with an appropriate filter and I'd bet you don't
see any inbound 139 or 445.

-jon
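
Added example, not part of either post: one way to act on the capture suggestion above is to compare what tcpdump sees on the external interface with what pf writes to pflog0, per destination port. The function names, the sample lines (constructed, documentation addresses) and the assumption that the text resembles `tcpdump -n` output are this example's own.

```shell
#!/bin/sh
# To collect real input on the firewall (as root) while the scan is re-run,
# using the external interface from the pf.conf in the question:
#   tcpdump -n -l -i pppoe0 tcp > ext.txt
#   tcpdump -n -l -e -i pflog0 tcp > pflog.txt

# Constructed sample: probes to 80 and 22 arrive, nothing for 139 or 445.
SAMPLE_EXT='14:02:11.100000 203.0.113.7.51234 > 198.51.100.20.80: S 1:1(0) win 5840
14:02:12.100000 203.0.113.7.51235 > 198.51.100.20.80: S 2:2(0) win 5840
14:02:13.100000 203.0.113.7.51236 > 198.51.100.20.22: S 3:3(0) win 5840'

# Constructed sample of the matching pflog0 text ("block in log" rule).
SAMPLE_PFLOG='14:02:11.100100 rule 0/(match) block in on pppoe0: 203.0.113.7.51234 > 198.51.100.20.80: S 1:1(0) win 5840
14:02:12.100100 rule 0/(match) block in on pppoe0: 203.0.113.7.51235 > 198.51.100.20.80: S 2:2(0) win 5840
14:02:13.100100 rule 0/(match) block in on pppoe0: 203.0.113.7.51236 > 198.51.100.20.22: S 3:3(0) win 5840'

# count_dport PORT: count packets on stdin whose destination port is PORT.
# The destination is the "addr.port:" token that follows ">".
count_dport() {
    awk -v port="$1" '
        { for (i = 1; i < NF; i++) if ($i == ">") {
              dst = $(i + 1); sub(/:$/, "", dst)
              n = split(dst, part, ".")
              if (part[n] == port) hits++
          } }
        END { print hits + 0 }'
}

# verdict PORT EXT_TEXT PFLOG_TEXT: where did traffic for PORT stop?
verdict() {
    seen=$(printf '%s\n' "$2" | count_dport "$1")
    logged=$(printf '%s\n' "$3" | count_dport "$1")
    if [ "$seen" -eq 0 ]; then
        echo "$1 not-on-wire"        # pf never had a packet to block or log
    elif [ "$logged" -eq 0 ]; then
        echo "$1 unlogged"           # arrived, but no pflog entry: check rules
    else
        echo "$1 reached-pf $logged/$seen"
    fi
}

for p in 139 445 80; do
    verdict "$p" "$SAMPLE_EXT" "$SAMPLE_PFLOG"
done
```

A "not-on-wire" result only means something if probes were actually sent during the capture, which is why a control port known to be probed (80 in the sample) is checked alongside 139 and 445.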

