[GTER] Ports 445, 135, 137...

MARLON BORBA mborba at trf3.jus.br
Tue Jan 26 12:27:04 -02 2010


I endorse this proposal and am surprised that, although obvious, it is not widely implemented.
If this is done, trivial vulnerabilities of a certain operating system will be far less exploited.




Regards,

Marlon Borba, CISSP, APC DataCenter Associate
Judiciary Technician · Information Security
IPv6 Evangelist · Moreq-Jus Evangelist
Comissão Local de Resposta a Incidentes - CLRI
TRF 3 Região
(11) 3012-1581
--
Follow me on Twitter!
twitter.com/mborba
--

>>> Sergio Ferreira <sergio at wgo.com.br> 01/26/10 11:11 AM >>>
Dear all,

    Wouldn't it be useful if providers started blocking these ports
to prevent the spread of viruses, trojans, etc.?

    The services on these ports were made for use on a LAN and not
on a WAN.

    The volume of packets is enormous and consumes a lot of bandwidth,
hardware and staff resources.

    Here I have been filtering these packets for years and have never had
a request to open these ports.

    Just one example from my filter, the volume is enormous:



Sérgio Ferreira
WGO Telecom
64 3411 3000
64 8119 1840
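
Added example, not part of either message: one way to quantify the filtered traffic described above, by parsing ipfw deny-log entries, counting hits per watched port, and listing sources that reach many distinct hosts on one port. The log lines are constructed (documentation addresses, one entry wrapped the way a mail client would wrap it); WATCHED_PORTS, sweep_threshold and the function names are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the layout of ipfw's syslog output; every value here
# is made up. The second entry is deliberately split across two lines.
SAMPLE_LOG = """\
Jan 26 10:26:52 proxy kernel: ipfw: 2880 Deny TCP 192.0.2.10:2369 198.51.100.8:135 in via vlan6
Jan 26 10:26:52 proxy kernel: ipfw: 2880 Deny TCP 192.0.2.10:4461
198.51.100.9:135 in via vlan6
Jan 26 10:26:52 proxy kernel: ipfw: 2880 Deny TCP 192.0.2.10:4318 198.51.100.12:135 in via vlan6
Jan 26 10:26:52 proxy kernel: ipfw: 2880 Deny TCP 203.0.113.77:3691 198.51.100.106:445 in via vlan6
Jan 26 10:26:52 proxy kernel: ipfw: 2880 Deny TCP 203.0.113.5:3600 198.51.100.118:445 in via vlan6
Jan 26 10:26:53 proxy kernel: ipfw: 2880 Deny UDP 203.0.113.5:137 198.51.100.20:137 in via vlan6
Jan 26 10:26:53 proxy kernel: ipfw: 2880 Deny TCP 203.0.113.9:60816 198.51.100.107:24164 in via vlan6
"""

WATCHED_PORTS = {135, 137, 445}          # the ports named in the thread subject
TS_RE = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
ENTRY_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\S+)")

def unwrap(log_text):
    """Rejoin entries split across lines: a line without a syslog
    timestamp is treated as a continuation of the previous entry."""
    entries = []
    for line in log_text.splitlines():
        if TS_RE.match(line) or not entries:
            entries.append(line.rstrip())
        else:
            entries[-1] += " " + line.strip()
    return entries

def summarize(log_text, sweep_threshold=3):
    """Return (denies per watched port, sources that hit at least
    sweep_threshold distinct destinations on one watched port)."""
    per_port = Counter()
    targets = defaultdict(set)            # (src, dport) -> destination hosts
    for entry in unwrap(log_text):
        m = ENTRY_RE.search(entry)
        if not m or m["action"] != "Deny":
            continue                      # not a deny entry, or unparseable
        dport = int(m["dport"])
        if dport not in WATCHED_PORTS:
            continue
        per_port[dport] += 1
        targets[(m["src"], dport)].add(m["dst"])
    sweepers = sorted(k for k, dsts in targets.items() if len(dsts) >= sweep_threshold)
    return dict(per_port), sweepers

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```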
