Welcome to WebmasterWorld Guest from 54.226.110.143

Forum Moderators: bakedjake

Message Too Old, No Replies

my ISP detect some port using by virus

can u help me about blocking some port

     
4:56 am on Jul 21, 2004 (gmt 0)

New User

10+ Year Member

joined:July 21, 2004
posts:3
votes: 0


my isp contact me yesterday and askin' to me to BLOCK port 445 and 135 cause they said virus using that port

how to block this port using iptables? and how to make this blocking available on next reboot

sory i am new

info :
OS : SUSE 9

thx

8:41 am on July 21, 2004 (gmt 0)

Junior Member

10+ Year Member

joined:May 15, 2003
posts:53
votes: 0


There is a general How-to on using Linux Firewalling tools here :

[tldp.org...]

(as well as lots of other places on the net).

If you don't need a service running, or port open, then close it :)

10:01 am on July 21, 2004 (gmt 0)

Senior Member from CA 

WebmasterWorld Senior Member encyclo is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Aug 31, 2003
posts:9068
votes: 4


Welcome to WebmasterWorld, badm4n.

Port 135 is for the Microsoft Remote Procedure Call (RPC) service and port 445 is for SMB. Are you running an open Samba share? In both cases, because you are running Linux, your machine is not vulnerable to the worms which attack these ports, but your ISP may have detected that your machine is responding on the two ports in question. As already mentioned, you need to ask yourself whether you need these services running - if you need Samba for networking to local Windows machines on your network, then you should secure it.

My recommendation over IPTables is to get an external router with NAT translation and an integrated firewall. They are incredibly cheap these days, and they protect the whole network with one device.

3:29 pm on July 21, 2004 (gmt 0)

Junior Member

10+ Year Member

joined:June 3, 2004
posts:55
votes: 0


info :
OS : SUSE 9
Go to System => Yast2 => Security and Users => Firewall

Activate, select external interface, use default settings

3:19 pm on July 23, 2004 (gmt 0)

New User

10+ Year Member

joined:July 21, 2004
posts:3
votes: 0


thx for your help guys...

i think i dont use that samba things ^^

i refer to block it for future convience between me and my ISP lolz

thanks for your help....

btw ....

i am new at *nix thing ...

do you have a url that explain and teach a newbies from zero ... about linux ... hmmmm i refer to use slackware for my future OS....
i need a URL that "teach" me about slackware ( installation and then setup :p ) pls pls pls

thanks

5:11 pm on July 23, 2004 (gmt 0)

Preferred Member

10+ Year Member

joined:Aug 28, 2003
posts:366
votes: 0


I used to use slackware exclusively... This site helped me quite a lot. It comes as quite the shocker, I'm sure, but:

[slackware.com ]
[slackware.com ]

and for package management/updating use:

[swaret.org ]

I left the Linux world before swaret had come out, so I've never used it, but apparently it's a life-saver.

And, for an all-in-one Gnome setup:

[dropline.net ]

HTH,
MM