Disable the forwarding of broadcast packets on ports 137 and 138


De8o

Hi all,

Can somebody give me fairly detailed and easy-to-follow steps (HowTo for dummies!!!) to do the following?

Disable the forwarding of broadcast packets on ports 137 and 138.

Thanks in advance,
Darren
 
Darren, your router shouldn't be broadcasting across these ports by default. If you have ip-helper enabled then yeah, they will be broadcast across.

 
Well, you can't disable broadcasts through these ports unless you block the ports. Just remember NetBIOS traffic flows through ports 137 & 138. The new worm virus uses these ports to spread and is known to have caused a menace even with Cisco devices. I recommend using the following syntax to block ports 137 and 138. Most Cisco routers running IOS 11.2 and up support the following commands:

ip access-list extended block-ports
deny tcp any any eq 138
deny udp any any eq 138
deny tcp any any eq 137
deny udp any any eq 137

Now use the following command on the appropriate interfaces:

ip access-group block-ports in
ip access-group block-ports out
 
Because of the implicit deny at the end of an access list, you will deny all traffic (oversight, I'm sure). You need a permit statement to allow something.

permit tcp any any eq 80
 
Well, it's an explicit deny all at the end of each access-list, so you will need to add the following rule to allow all other traffic through: "permit ip any any".
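
Added example, not part of the original thread: a small Python model of first-match ACL evaluation, showing why the access list as posted drops all traffic and how the permit entries suggested in the replies change the result. It models only protocol and destination port for the entry forms used above; the sample packets are constructed.

```python
# Added example: first-match evaluation of a Cisco-style extended ACL.
# Supports only the entry forms seen in this thread:
#   permit|deny tcp|udp any any eq <port>   and   permit|deny ip any any
IMPLICIT_DENY = "deny (implicit)"

# ACL entries exactly as posted in the thread.
POSTED_ACL = """\
deny tcp any any eq 138
deny udp any any eq 138
deny tcp any any eq 137
deny udp any any eq 137
"""
# Same entries followed by the permit suggested in the last reply.
FIXED_ACL = POSTED_ACL + "permit ip any any\n"

def parse_acl(text):
    """Turn ACL lines into (action, protocol, dst_port_or_None) tuples."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        ok = (len(tok) in (4, 6) and tok[0] in ("permit", "deny")
              and tok[1] in ("ip", "tcp", "udp") and tok[2:4] == ["any", "any"])
        if ok and len(tok) == 6:
            ok = tok[1] != "ip" and tok[4] == "eq" and tok[5].isdigit()
        if not ok:
            raise ValueError(f"unsupported ACL entry: {line!r}")
        entries.append((tok[0], tok[1], int(tok[5]) if len(tok) == 6 else None))
    return entries

def evaluate(entries, protocol, dst_port):
    """Return the action of the first matching entry, else the implicit deny."""
    for action, proto, port in entries:
        if proto in ("ip", protocol) and port in (None, dst_port):
            return action
    return IMPLICIT_DENY

def blocks_everything(entries):
    """Lint check: a non-empty ACL without any permit entry drops all traffic."""
    return bool(entries) and not any(action == "permit" for action, _, _ in entries)

if __name__ == "__main__":
    # Constructed sample packets: (protocol, destination port).
    for name, text in (("posted", POSTED_ACL), ("fixed", FIXED_ACL)):
        acl = parse_acl(text)
        print(name, "blocks everything:", blocks_everything(acl))
        for pkt in (("tcp", 80), ("udp", 137), ("udp", 138), ("tcp", 443)):
            print("  ", pkt, "->", evaluate(acl, *pkt))
```

With "permit tcp any any eq 80" appended instead of "permit ip any any", only TCP port 80 passes and everything else still hits the implicit deny.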
 