Security Basics mailing list archives

RE: Blocking port 4444 for W32.Blaster.Worm


From: "CHRIS GRABENSTEIN" <LFGRABC () LF VCCS EDU>
Date: Tue, 12 Aug 2003 16:36:27 -0400

Some programs insist on using dynamic high-level ports, and you have to allow
a huge range for it even though it may only use two ports at any given time.
There are just some cases where it's not practical to have it locked down that
tight.  Not using those programs also isn't always an option.

|-----Original Message-----
|From: Michael LaSalvia [mailto:mike () genxweb net] 
|Sent: Tuesday, August 12, 2003 2:58 PM
|To: Steven_Paice () cityofperth wa gov au; 
|security-basics () securityfocus com
|Subject: RE: Blocking port 4444 for W32.Blaster.Worm
|
|
|Why would you have that port open anyway on your firewall? A
|firewall should be explicit deny all unless there is a need to have
|that port open. I don't know many people that have port 4444 open for
|any reason. I can say that because I deal with many large companies'
|firewalls.
|
|Not only should you have 4444 blocked, you should have a NetBIOS block
|rule that is a deny all without logging (because it will fill the log
|files fast if you did do logging).
|
|-----Original Message-----
|From: Steven_Paice () cityofperth wa gov au
|[mailto:Steven_Paice () cityofperth wa gov au] 
|Sent: Monday, August 11, 2003 10:57 PM
|To: security-basics () securityfocus com
|Subject: Blocking port 4444 for W32.Blaster.Worm
|
|Hi all,
|
|I have just been reading up on the Blaster Worm, and Symantec suggest
|blocking TCP port 4444 at the firewall level; I was wondering if
|anyone has implemented this yet and if so, if they have any feedback
|on the results regarding performance, risks etc.
|
|Thanks in advance
|
|Steven Paice

---------------------------------------------------------------------------
----------------------------------------------------------------------------
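
The two positions in this thread, modelled as an added example (not code from any poster): a first-match rule evaluator showing that default deny alone keeps TCP 4444 closed, that a wide dynamic-port allow range reopens it, and that an explicit deny placed ahead of the range closes it again. The rule sets, the 1024-65535 range and the NetBIOS ports 137-139 are constructed assumptions.

```python
# Added illustration: a first-match packet filter model, not a real firewall.
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    action: str        # "allow" or "deny"
    proto: str         # "tcp" or "udp"
    ports: range       # destination ports the rule covers
    log: bool = True   # whether a hit is written to the log
    note: str = ""


def decide(rules, proto, port, default="deny"):
    """Return (action, logged, note) of the first matching rule, else the default."""
    for r in rules:
        if r.proto == proto and port in r.ports:
            return r.action, r.log, r.note
    return default, True, "implicit default"


def exposed(rules, proto, ports):
    """Subset of `ports` that the rule set lets through."""
    return [p for p in ports if decide(rules, proto, p)[0] == "allow"]


# Constructed rule sets. NetBIOS is denied without logging, as the thread
# suggests, so that background noise does not fill the log files.
NETBIOS = [
    Rule("deny", "tcp", range(137, 140), log=False, note="NetBIOS, silent"),
    Rule("deny", "udp", range(137, 140), log=False, note="NetBIOS, silent"),
]
# Assumed stand-in for an application that negotiates dynamic high ports.
DYNAMIC = Rule("allow", "tcp", range(1024, 65536), note="app dynamic ports")
BLOCK_4444 = Rule("deny", "tcp", range(4444, 4445), note="port named in thread")

STRICT = NETBIOS + [Rule("allow", "tcp", range(443, 444), note="https")]
WIDE = NETBIOS + [DYNAMIC]                       # default deny, but 4444 is in range
WIDE_PATCHED = NETBIOS + [BLOCK_4444, DYNAMIC]   # explicit deny must come first

if __name__ == "__main__":
    for name, rs in [("strict", STRICT), ("wide", WIDE), ("wide+4444", WIDE_PATCHED)]:
        print(name, {p: decide(rs, "tcp", p) for p in (139, 4444, 5000)})
```

With a first-match filter the order matters: the same deny rule placed after the wide allow range would never be reached.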

