RE: Blocking port 4444 for W32.Blaster.Worm

["Michael LaSalvia" <mike () genxweb net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Why would you have that port open any way on your firewall. A
firewall should be explicit deny all unless there is a need to have
that port open. I don't know many people that have port 4444 open for
any reason. I can say that because I deal with many large companies
firewalls.

Not only should you have 4444 blocked you should have a NetBIOS block
rule that is a deny all without logging (cause it will fill the log
files fast if you did do logging.)

- -----Original Message-----
From: Steven_Paice () cityofperth wa gov au
[mailto:Steven_Paice () cityofperth wa gov au] 
Sent: Monday, August 11, 2003 10:57 PM
To: security-basics () securityfocus com
Subject: Blocking port 4444 for W32.Blaster.Worm

Hi all,

I have just been reading up on the Blaster Worm, and Symantec suggest
blocking TCP port 4444 at the firewall level; I was wondering if
anyone has
implemented this yet and if so, if they have any feedback on the
results
regarding performance, risks etc.

Thanks in advance

Steven Paice


- ----------------------------------------------------------------------
- -----
- ----------------------------------------------------------------------
- ------



-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBPzk4p3AnVb+gRdsVEQJemwCgtK+9kR5BcMiKN7Kn7ThmabZ/WAgAoJ8j
NkYW182RebTFiQ6OwkZxX1B0
=dG7W
-----END PGP SIGNATURE-----



---------------------------------------------------------------------------
----------------------------------------------------------------------------