Re: Stop logging Netbios?
- From: "Jim Harrison" <jim@xxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 13 Dec 2001 17:15:32 -0800
Dontcha just love picking up after the children?
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the book!
----- Original Message -----
From: "Blake Al" <al.blake@xxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Cc: "ICT correspondence" <ICTcorrespondence@xxxxxxxxxxxxxxx>
Sent: Thursday, December 13, 2001 13:51
Subject: [isalist] Re: Stop logging Netbios?
http://www.ISAserver.org
Thanks for the tip.
The ISA server AND the router AND the LAN were all plugged into the same
switch WITHOUT a VLAN. ie everything was connected to everything else.
Long before I took up the job the organisation paid huge $$$ the an
ISP/consultancy to install and configure the LAN and setup the security.
This is just the latest in a string of security problems I found:
1. No access lists on boundary router.
2. Superuser password same on everything (and easy to guess)
3. ISA configured with 'allow everything all the time for everyone'
4. No anti-virus on mail
5. Internal mail server connected to Internet OUTSIDE of ISA server
6. No logging on anything
7. Tape backup of 5% of the servers only
8. No backup configurations on anything
9. No documentation on anything
10. Router & LAN & ISA all on same switch with no VLAN
....I'm sure I will find more.........
Incidentally the ISP has now gone bust rather spectacularly. Looking at
the quality of this installaiton I am not the least surprised.
Finally,
Rather than play aorund with switches and VLANs I just found an old
100TX hub and plugged the router and External NIC of the ISA server into
that. Works perfectly and doesnt need configuration. Sometimes the
simplest solutions are the safest ;)
Thanks again.
Al.
-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Wednesday, 12 December 2001 2:16 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Stop logging Netbios?
http://www.ISAserver.org
Since the ISA external interface is seeing these broadcasts, it appears
that
it's sharing a hub with the LAN.
Jim Harrison
MCP(NT4, 2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
----- Original Message -----
From: "Blake Al" <al.blake@xxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, December 11, 2001 15:36
Subject: [isalist] Stop logging Netbios?
http://www.ISAserver.org
How can I stop my IPP log filling up with Netbios broadcasts (stops me
seeing the interesting stuff when I am troubleshooting).
Eg:
I see all these LAN broadcasts.
2001-12-11 23:32:00 172.16.3.35 172.31.255.255
Udp 138 138 - BLOCKED 203.110.145.178
2001-12-11 23:32:00 172.16.2.218 172.31.255.255 Udp
138 138 - BLOCKED 203.110.145.178
2001-12-11 23:32:00 172.16.2.254 172.31.255.255 Udp
138 138 - BLOCKED 203.110.145.178
I have a rule that blocks all Netbios....and it is NOT logged.
...but it specifies the 'default external ISA IP' and 'any host'.
How can I tell it not to log ANY netbios, from anywhere to anywhere? Or
is there another way to stop LAN broadcasts ever getting to the external
interface - so they dont have to get blocked there and appear in the
log?
Al Blake
Australia
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
al.blake@xxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
