Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Ben Jolly (Ben.Jollyneonsys.com)
Date: Tue Jul 03 2001 - 07:26:05 CDT
Disable NetBIOS on the External Interface. If you are just Blocking NetBIOS
than NetBIOS is still active on that interface. Go to the Properties of the
connection Internet Protocol Properties Advanced Wins select Disable NetBIOS
From: Rich Wilson [mailto:wk633yahoo.com]
Sent: Friday, June 29, 2001 5:21 PM
Subject: NetBT release messages
I have a problem that's driving me batty.
I have a dual-hostsed server, internal network is 172.16.1.0, external is
192.168.1.0 (all behind a corporate FW). The server has ipsec rules applied
for port filtering. There's a default deny everything rule, a rule that
anything from 172.16.1.0, an HTTP rule (allow TCP from any to my address on
an SMTP client rule (allow TCP from me to any on 25) and a DNS client rule
(allow TCP/UDP from me to any on 53).
The server is getting NetBT release messages from other machines on the
192.168.1.0 network, and generating Event ID 4320. The IP in the data of
event always points to a 192.168.1.0 machine. The machines generating the
release messages don't have access to the 172.16.1.0 network.
Problem 1 is why other machines are generating these? I've been through all
the 'normal' reasons for this (searching http://www.eventid.net and
http://support.microsoft.com/support/kb/articles/Q120/7/52.asp) but I can't
any duplicate names anywhere. I've heard having a workgroup name and system
name the same will cause this, I don't have that.
Problem 2 is how these messages are getting past IPSec. They appear even if
have a specific rule to block UDP on ports 137, 138 and 139. I went so far
to write a client/server to send simple UDP packets to make sure IPSec was
working, and it is in fact blocking.
Anybody run accross something like this before? I am using Win2K server,
: 0/ 0
Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail