Solved

Sonicwall soho series firewall reporting Malformed Packet on ports 137-139, UDP every 2 minutes

Posted on 2004-04-16
Last Modified: 2013-12-05
Hello,

A sonicwall soho series firewall (about 5 years old.. unsure on the version/model/firmware numbers) reports and drops a "Malformed Packet" every time Samba broadcasts a packet on UDP ports 137-139.

The linux distribution is Red Hat Enterprise Linux ES 3.0.
The version of Samba is the latest offered from RHN.

Source IP - 192.168.1.8 (samba server) - Destination IP - 192.168.1.255 (broadcast)

I have seen on Linuxquestions.org that others have had this problem when combining Sonicwall and Samba.  However there were no solutions offered.  Furthermore, Sonicwall's whitepapers do not have any information regarding Samba/SMB.

What was tried so far:

1) I have allowed Netbios broadcasts via a checkbox in the Sonicwall configuration
2) I have created an Allow rule for any internal UDP packets on ports 137-139 originating from 192.168.1.8

My intuition says that this is not a problem with SMB but possibly a network configuration problem on the Samba server's eth0 interface - or, it is a Sonicwall mis-judgement of an SMB packet (possibly corrected in recent versions of its firewall family).

I will post my ifconfig eth0 output as soon as I have remote access to the server.  

Let me know what extra information is needed.

Thanks in advance!

Question by:dhaurey
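
One way to test the two hypotheses in the question (a wrong broadcast address on eth0 versus the firewall misjudging a valid packet) is to capture a UDP/137 payload on the Samba host and check it against the RFC 1002 name-service layout. This is an added example, not part of the original thread; it validates the header and question section only, the sample packet is constructed, and the /24 netmask is an assumption.

```python
import ipaddress
import struct

def encode_nb_name(name, suffix):
    """RFC 1001 first-level encoding: 16 bytes -> 32 letters 'A'..'P'."""
    raw = name.upper().ljust(15).encode("ascii")[:15] + bytes([suffix])
    return bytes(c for b in raw for c in (0x41 + (b >> 4), 0x41 + (b & 0x0F)))

def check_nbns(payload):
    """Return structural problems in a UDP/137 payload that was sent to broadcast."""
    if len(payload) < 12:
        return ["shorter than the 12-byte header"]
    _tid, flags, qdcount, ancount, nscount, arcount = struct.unpack("!6H", payload[:12])
    problems = []
    if not flags & 0x0010:
        problems.append("B (broadcast) flag clear on a broadcast packet")
    off = 12
    for _ in range(qdcount):
        name = payload[off:off + 34]  # length byte, 32 name bytes, next length byte
        if len(name) < 34 or name[0] != 0x20:
            return problems + ["question name is not a 32-byte label"]
        if any(not 0x41 <= b <= 0x50 for b in name[1:33]):
            problems.append("name has bytes outside 'A'..'P'")
        off += 33
        while off < len(payload) and payload[off] != 0:  # skip scope labels
            off += 1 + payload[off]
        if off + 5 > len(payload):
            return problems + ["question section truncated"]
        qtype, qclass = struct.unpack("!2H", payload[off + 1:off + 5])
        if qtype not in (0x0020, 0x0021) or qclass != 0x0001:  # NB / NBSTAT, IN
            problems.append("unexpected QTYPE/QCLASS %#06x/%#06x" % (qtype, qclass))
        off += 5
    if ancount == nscount == arcount == 0 and off != len(payload):
        problems.append("%d trailing bytes after the question" % (len(payload) - off))
    return problems

def broadcast_matches(interface, destination):
    """True if destination is the directed broadcast of interface (addr/prefix)."""
    net = ipaddress.ip_interface(interface).network
    return net.broadcast_address == ipaddress.ip_address(destination)

# Constructed sample: broadcast name query for WORKGROUP<1D> (not a capture).
SAMPLE_QUERY = (struct.pack("!6H", 0x1234, 0x0110, 1, 0, 0, 0) + b"\x20"
                + encode_nb_name("WORKGROUP", 0x1D) + b"\x00"
                + struct.pack("!2H", 0x0020, 0x0001))

if __name__ == "__main__":
    print(check_nbns(SAMPLE_QUERY))
    print(check_nbns(SAMPLE_QUERY[:40]))
    # /24 is an assumed netmask; the thread never shows the ifconfig output.
    print(broadcast_matches("192.168.1.8/24", "192.168.1.255"))
```

An empty list for a captured payload, together with a matching broadcast address, points toward the firewall's inspection rather than the Samba host.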
7 Comments
 
LVL 17

Expert Comment

by:owensleftfoot
ID: 10843364
I don't have any experience with sonicwall. But is there not an option to turn off checks for malformed packets?
 

Author Comment

by:dhaurey
ID: 10844299
Unfortunately, owensleftfoot, I did not find such an option.  
 
LVL 17

Expert Comment

by:owensleftfoot
ID: 10846561
Like you I found a couple of references to the same problem on the net with no solutions. What version of samba does RHE 3 ship with? The latest version of samba appears to be 3-0-2a - upgrading to this version is worth a try.

Author Comment

by:dhaurey
ID: 10846930
We currently have samba-3.0.2-6.3E.  This version was downloaded directly from Red Hat Network...  I wonder what other options we have..?
 
LVL 17

Accepted Solution

by:
owensleftfoot earned 125 total points
ID: 10850279
You said that sonicwall doesn't have an option for ignoring malformed packets. I was going to suggest that you allow all packets on ports 137 & 139 but I see from rereading your posts you have already tried this. The thing that gets me though is that if smoothwall is configured to allow packets to these ports, why is it examining them anyway? There may not be an option for ignoring malformed packets but are there options as to how "strict" the packet analysis is? Apart from that I'm stumped. You didn't actually need help anyway - you have already tried all the things that anyone could have advised you on. It just appears to be one of those occasions where computers get the best of us :) New firewall perhaps? You could always turn an old 486 into a firewall using the excellent http://www.smoothwall.org/
 

Author Comment

by:dhaurey
ID: 10851014
If it were entirely up to me - we would replace the sonicwall with a soho-series Pix (like the 506).  However, hardware procurement is out of my hands.  

It is so hard to believe that so few have used Sonicwall with Samba.  

This makes me think that we are missing something.

hmm..
 
LVL 17

Expert Comment

by:owensleftfoot
ID: 10853043
As you said, your firewall is pretty old. Any duplication of your problem seems only to involve redhat from 9.0 on. People are either using it with an older version of redhat or are using a more up to date version of the firewall.