Netbios ports showing up closed not stealth



  • Hi, is there a simple way of putting netbios ports on the outside (wan) into a stealth mode?
    Even with block rules on the LAN and the WAN they still show up as closed. See below

    I know this is not a security issue but it is annoying as I don't have any microsoft devices
    on my network or anything using samba

    file:///home/ian/downloads/Screenshot_2020-07-19 Firewall grindey co uk - Firewall Rules LAN.png
    file:///home/ian/downloads/Screenshot_2020-07-19 Firewall grindey co uk - Firewall Rules WAN.png



  • @Grindey said in Netbios ports showing up closed not stealth:

    file:///home/ian/downloads/Screenshot_2020-07-19 Firewall grindey co uk - Firewall Rules LAN.png
    file:///home/ian/downloads/Screenshot_2020-07-19 Firewall grindey co uk - Firewall Rules WAN.png

    Gives "File not found"
    You ok there ;)

    Are you sure it's you who is responding to the scan?



  • Sure can't see how to upload an image file, now worked it out. The rules are on the LAN and the WAN port

    Screenshot_2020-07-19 Firewall grindey co uk - Firewall Rules LAN.png Screenshot_2020-07-19 Firewall grindey co uk - Firewall Rules WAN.png



  • Are you sure this isn't your ISP blocking those ports? Mine does so they always show up as 'closed' on external scans - https://support.zen.co.uk/kb/Knowledgebase/Do-Zen-block-any-ports



  • @Grindey said in Netbios ports showing up closed not stealth:

    ,is there a simple way of putting netbios ports on the outside (wan) in to a stealth mode.
    Even with block rules on the LAN and the wan they still show up as closed

    Hi,

    When you installed pfSense, everything is blocked from the outside.
    So when you scan your WAN IP using a you like this, and it shows an open or closed port, then you're not hitting the pfSense WAN interface, but something placed in front of it, like your ISP router.

    No need to block Netbios traffic on the LAN side, as by definition this traffic isn't routed anyway.



  • Thanks both, that is definitely what's happening, as, like bigsy, I have an account with Zen. So the answer to my question is no, there is no simple way of making my ports stealth. Project abandoned.

    I tried adding rules to see if they would make any difference, which they did not, so I will remove them. The implicit deny rule I have added would stop anything internally using those ports anyway.

    I put an extra implicit deny rule in to monitor any network activity I was not expecting. I presume like most firewalls I have worked on there is an invisible deny rule anyway.

    Thanks for the help
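
The closed-versus-stealth distinction this thread turns on, as an added example that is not part of any post and not pfSense code: a TCP port reads as "closed" when some device answers the probe with a reset, and as "stealth" when nothing answers at all, so an upstream device that rejects the traffic makes the port show closed whatever the firewall behind it does. The function names and the loopback listener used for the demo are constructed for illustration.

```python
import socket


def classify_tcp_port(host, port, timeout=2.0):
    """Classify one TCP port the way an external port test reports it.

    open        - the handshake completed
    closed      - a device answered with a TCP reset (connection refused)
    stealth     - nothing answered before the timeout (probe silently dropped)
    unreachable - a device answered with an error other than a reset
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        # A reset came back: whoever sent it (the firewall or a device in
        # front of it) is visible to the scanner, so the port is not stealth.
        return "closed"
    except (socket.timeout, TimeoutError):
        # No reply of any kind: this is what a silent drop rule produces.
        return "stealth"
    except OSError:
        # e.g. host or network unreachable; still an answer, so not stealth.
        return "unreachable"
    finally:
        sock.close()


def demo_loopback():
    """Constructed demo: a local listener is 'open', then 'closed' once gone."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))      # let the OS pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    while_listening = classify_tcp_port("127.0.0.1", port)
    srv.close()
    after_close = classify_tcp_port("127.0.0.1", port)
    return while_listening, after_close


if __name__ == "__main__":
    print(demo_loopback())
```

To check your own WAN address, call `classify_tcp_port` from a host outside your network; a "closed" result on a port pfSense is dropping means the reset came from something in front of it.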

