Security Basics mailing list archives
Re: Blocking port 4444 for W32.Blaster.Worm
From: Brett Munhall <bmunhall () ups com>
Date: 20 Aug 2003 13:23:07 -0000
In-Reply-To: <OF4867F7BA.C7CC7A58-ON48256D81.000036BA-48256D81.00003EE1 () cityofperth wa gov au> I have a quick question. If I block 4444 on the firewall or router and a workstation uses 4444 for web traffic and it is blocked. Will the workstation lock up or does it just retransmit the traffic on another port? Thanks, Brett
Received: (qmail 5945 invoked from network); 13 Aug 2003 15:43:21 -0000 Received: from outgoing2.securityfocus.com (205.206.231.26) by mail.securityfocus.com with SMTP; 13 Aug 2003 15:43:21 -0000 Received: from lists.securityfocus.com (lists.securityfocus.com
[205.206.231.19])
by outgoing2.securityfocus.com (Postfix) with QMQP id 4D1978F94C; Wed, 13 Aug 2003 09:14:56 -0600 (MDT) Mailing-List: contact security-basics-help () securityfocus com; run by ezmlm Precedence: bulk List-Id: <security-basics.list-id.securityfocus.com> List-Post: <mailto:security-basics () securityfocus com> List-Help: <mailto:security-basics-help () securityfocus com> List-Unsubscribe: <mailto:security-basics-unsubscribe () securityfocus com> List-Subscribe: <mailto:security-basics-subscribe () securityfocus com> Delivered-To: mailing list security-basics () securityfocus com Delivered-To: moderator for security-basics () securityfocus com Received: (qmail 12400 invoked from network); 12 Aug 2003 17:56:48 -0000 In-Reply-To: <000001c36103$a17f5a60$6401a8c0@penguin> Subject: RE: Blocking port 4444 for W32.Blaster.Worm To: <mike () genxweb net>, <security-basics () securityfocus com> X-Mailer: Lotus Notes Release 6.0.1 February 07, 2003 Message-ID: <OF4867F7BA.C7CC7A58-ON48256D81.000036BA-
48256D81.00003EE1 () cityofperth wa gov au>
From: Steven_Paice () cityofperth wa gov au Date: Wed, 13 Aug 2003 08:03:55 +0800 X-MIMETrack: Serialize by Router on permail01/CityofPerth(Release 5.0.8
|June 18, 2001) at
13/08/2003 08:03:55 AM MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii Thanks for the reply Michael, my post was initially just a query, upon further investigation I found that in fact our firewall already blocks these ports as you suggested, I just have to implement the deny all
without
logging.
"Michael
LaSalvia" To:
<Steven_Paice () cityofperth wa gov au>, <security- basics () securityfocus com>
<mike@genxweb.
cc:
net> Subject: RE: Blocking port
4444 for W32.Blaster.Worm
13/08/2003
02:57
AM
Please
respond
to
mike
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Why would you have that port open any way on your firewall. A firewall should be explicit deny all unless there is a need to have that port open. I don't know many people that have port 4444 open for any reason. I can say that because I deal with many large companies firewalls. Not only should you have 4444 blocked you should have a NetBIOS block rule that is a deny all without logging (cause it will fill the log files fast if you did do logging.) - -----Original Message----- From: Steven_Paice () cityofperth wa gov au [mailto:Steven_Paice () cityofperth wa gov au] Sent: Monday, August 11, 2003 10:57 PM To: security-basics () securityfocus com Subject: Blocking port 4444 for W32.Blaster.Worm Hi all, I have just been reading up on the Blaster Worm, and Symantec suggest blocking TCP port 4444 at the firewall level; I was wondering if anyone has implemented this yet and if so, if they have any feedback on the results regarding performance, risks etc. Thanks in advance Steven Paice - ---------------------------------------------------------------------- - ----- - ---------------------------------------------------------------------- - ------ -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com> iQA/AwUBPzk4p3AnVb+gRdsVEQJemwCgtK+9kR5BcMiKN7Kn7ThmabZ/WAgAoJ8j NkYW182RebTFiQ6OwkZxX1B0 =dG7W -----END PGP SIGNATURE----- --------------------------------------------------------------------------
-
--------------------------------------------------------------------------
--
--------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Blocking port 4444 for W32.Blaster.Worm Steven_Paice (Aug 12)
- RE: Blocking port 4444 for W32.Blaster.Worm Michael LaSalvia (Aug 12)
- RE: Blocking port 4444 for W32.Blaster.Worm Steven_Paice (Aug 13)
- <Possible follow-ups>
- RE: Blocking port 4444 for W32.Blaster.Worm CHRIS GRABENSTEIN (Aug 12)
- Re: Blocking port 4444 for W32.Blaster.Worm Brett Munhall (Aug 20)
- Re: Blocking port 4444 for W32.Blaster.Worm chort (Aug 20)
- RE: Blocking port 4444 for W32.Blaster.Worm David Gillett (Aug 20)
- RE: Blocking port 4444 for W32.Blaster.Worm Dave Killion (Aug 20)
- RE: Blocking port 4444 for W32.Blaster.Worm Michael LaSalvia (Aug 12)