Security Basics mailing list archives

Re: Blocking port 4444 for W32.Blaster.Worm


From: Brett Munhall <bmunhall () ups com>
Date: 20 Aug 2003 13:23:07 -0000

In-Reply-To: <OF4867F7BA.C7CC7A58-ON48256D81.000036BA-48256D81.00003EE1 () cityofperth wa gov au>

I have a quick question. If I block 4444 on the firewall or router and a
workstation uses 4444 for web traffic and it is blocked, will the
workstation lock up or does it just retransmit the traffic on another port?

Thanks,
Brett

From: Steven_Paice () cityofperth wa gov au
Date: Wed, 13 Aug 2003 08:03:55 +0800
To: <mike () genxweb net>, <security-basics () securityfocus com>
Subject: RE: Blocking port 4444 for W32.Blaster.Worm


Thanks for the reply, Michael. My post was initially just a query; upon
further investigation I found that in fact our firewall already blocks
these ports as you suggested. I just have to implement the deny all
without logging.


                                                                         
                                                                    
"Michael LaSalvia" <mike@genxweb.net>
13/08/2003 02:57 AM
Please respond to mike

To:      <Steven_Paice () cityofperth wa gov au>, <security-basics () securityfocus com>
cc:
Subject: RE: Blocking port 4444 for W32.Blaster.Worm
                                                                         
                                                                    





Why would you have that port open anyway on your firewall? A
firewall should be explicit deny all unless there is a need to have
that port open. I don't know many people that have port 4444 open for
any reason. I can say that because I deal with many large companies'
firewalls.

Not only should you have 4444 blocked, you should have a NetBIOS block
rule that is a deny all without logging ('cause it will fill the log
files fast if you did do logging).

-----Original Message-----
From: Steven_Paice () cityofperth wa gov au
[mailto:Steven_Paice () cityofperth wa gov au]
Sent: Monday, August 11, 2003 10:57 PM
To: security-basics () securityfocus com
Subject: Blocking port 4444 for W32.Blaster.Worm

Hi all,

I have just been reading up on the Blaster Worm, and Symantec suggest
blocking TCP port 4444 at the firewall level; I was wondering if
anyone has implemented this yet and if so, if they have any feedback
on the results regarding performance, risks etc.

Thanks in advance

Steven Paice
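
An added illustration of the policy discussed in this thread (not code from any poster): a first-match packet filter model with an explicit, logged deny-all and unlogged NetBIOS drop rules placed ahead of it. The allowed services, the NetBIOS port range 137-139 and the sample traffic are assumptions constructed for the example.

```python
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str                              # "ALLOW" or "DENY"
    proto: Optional[str] = None              # None matches any protocol
    ports: Optional[Tuple[int, int]] = None  # inclusive dst-port range, None = any
    log: bool = False                        # write a log line when this rule fires

    def matches(self, proto: str, dport: int) -> bool:
        if self.proto is not None and self.proto != proto:
            return False
        return self.ports is None or self.ports[0] <= dport <= self.ports[1]


# Fallback used when no rule matches: deny and log.
DEFAULT_DENY = Rule("DENY", log=True)

# Hypothetical inbound policy; the two allowed services are assumptions.
POLICY = [
    Rule("ALLOW", "tcp", (25, 25)),    # assumed: public mail server
    Rule("ALLOW", "tcp", (80, 80)),    # assumed: public web server
    Rule("DENY", "tcp", (137, 139)),   # NetBIOS: dropped without logging
    Rule("DENY", "udp", (137, 139)),
    DEFAULT_DENY,                      # explicit deny-all; covers 4444 too
]

# Constructed sample traffic as (protocol, destination port) pairs.
SAMPLE = [("udp", 137)] * 500 + [("tcp", 139)] * 200 + [
    ("tcp", 4444), ("tcp", 80), ("tcp", 25), ("udp", 138), ("tcp", 4444)]


def evaluate(policy, packets):
    """First-match evaluation. Returns (verdicts, log_lines)."""
    verdicts, log = [], []
    for proto, dport in packets:
        rule = next((r for r in policy if r.matches(proto, dport)), DEFAULT_DENY)
        verdicts.append(rule.action)
        if rule.log:
            log.append(f"{rule.action} {proto}/{dport}")
    return verdicts, log


if __name__ == "__main__":
    verdicts, log = evaluate(POLICY, SAMPLE)
    print(verdicts.count("DENY"), "denied,", len(log), "log lines:", log)
```

With the silent NetBIOS rules in place, only the two TCP 4444 attempts reach the log; removing those two rules sends all 701 NetBIOS packets to the logged deny-all instead.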










