ports

vince · May 19, 2006, 6:33pm

do you guys block any ports on the SM side for the health of your network?

ahull · May 19, 2006, 8:39pm

I block SMB and DNS servers.

That way, my customer’s can’t see eachother in the “Network Neighborhood” and I’m protected from a customer setting up a DHCP server and handing out addresses to other subscribers.

chrisopq · May 22, 2006, 6:15am

i block SMB

Derrick · May 23, 2006, 5:03am

We block the following:
PPPoE
SMB
SNMP
Bootp Server (routers plugged in backwards)
IPv4 Multicast (stops a lot of uneccesary broadcast traffic)

vanilla · June 28, 2007, 1:21pm

Guys, we are seeing a very strange issue here.

We have two clients on a bridged connection and on the same VLAN. Both SMs are set to block SMB yet client A is able to see Client B’s PC on his network neighbourhood.

Needless to say that I am stumped.

Any clues?

tlsarles · June 28, 2007, 4:01pm

We block SMB, bootp server, pppoe, and multicast.

Vanilla. I wonder if the VLANing removes the filtering within the VLAN, but blocks to outside traffic? Just a thought, I don’t actually know. I do know that SMB sharing uses several different ports for different functions. The network browsing for instance is a different port that the file transfer its self. Can they only see each other, or can they fully R/W to shares?

vanilla · June 28, 2007, 4:53pm

They can browse and read, write and delete files…

Scary stuff.

vanilla · June 30, 2007, 6:00pm

I’m going to bump this up again as in my view this is a very serious problem.

Two subscribers, using two SMs on the same VLAN, both with SMB filtered on their SMs and on bridge.

Subscriber A can see the PC of Subscriber B and can read, write and delete files.

This is a serious problem. It occurs when running 7.36 or vers 8.

Has anyone else seen this?

Jerry_Richardson · July 1, 2007, 5:43am

Confirm that you are blocking the following:

The following ports are associated with file sharing and server message block (SMB) communications:
• Microsoft file sharing SMB: User Datagram Protocol (UDP) ports from 135 through 139 and Transmission Control Protocol (TCP) ports from 135 through 139.
• Direct-hosted SMB traffic without a network basic input/output system (NetBIOS): port 445 (TCP and UPD).

vanilla · July 1, 2007, 6:09am

Jerry, thanks for your reply.

The SM allows you to select SMB as one of the Protocols to block and then also allows another 3 user defined ports.

If you select SMB, I assume it handles all SMB related ports. Correct?

Jerry_Richardson · July 1, 2007, 4:58pm

I would assume SMB blocks 135 to 139 however you will need to add 445.

Not sure if this will solve your problem but it’s worth a try.

I assume you are also blocking multicast?

vanilla · July 1, 2007, 8:41pm

We block multicast. I cannot understand how nobody has seen this before.

I cannot even understand how this is the first client who actually saw this. There must be loads of people who still have their PC set to use WORKGROUP as their workgroup name…