Security Incidents mailing list archives
RE: TCP 445 Scan?
From: Frank Knobbe <fknobbe () knobbeits com>
Date: 04 Mar 2003 13:59:31 -0600
On Tue, 2003-03-04 at 10:18, kyle () kylelai com wrote:
[...] The only good defense is to block port 445 and port 139 ports on your firewall, and set strong passwords for every user on your network, including administrator accounts.
No offense Kyle, but this bad advice. I'm not lashing out at you, but I'm starting to get really irritated when people recommend 'simply block this port on your firewall'. If that is what you have to do, then you have much bigger problems. Firewalls should block ALL PORTS by default. Only allow in what you need to allow in. Anything else should be blocked. And that should include port 445 [1]. Here again: B L O C K A L L B Y D E F A U L T , A L L O W O N L Y W H A T I S N E E D E D . Print this out and stick it on your firewall management console :) Regards, Frank [1] Unless you really need it for some weird reason. But that would make all this a mute point anyway.
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- TCP 445 Scan? Charles Hamby (Mar 04)
- Re: TCP 445 Scan? Adam Bultman (Mar 04)
- Re: TCP 445 Scan? H C (Mar 04)
- RE: TCP 445 Scan? Charles Hamby (Mar 05)
- Re: TCP 445 Scan? Bill McCarty (Mar 04)
- RE: TCP 445 Scan? kyle (Mar 04)
- RE: TCP 445 Scan? Frank Knobbe (Mar 05)
- RE: TCP 445 Scan? kyle (Mar 05)
- RE: TCP 445 Scan? Frank Knobbe (Mar 05)
- Re: TCP 445 Scan? Brian McWilliams (Mar 05)
- Re: TCP 445 Scan? Johannes Ullrich (Mar 06)
- RE: TCP 445 Scan? kyle (Mar 06)
- Re: TCP 445 Scan? Johannes Ullrich (Mar 06)
- <Possible follow-ups>
- Re: TCP 445 Scan? Tom_Staskiewicz (Mar 04)
- SV: TCP 445 Scan? Peter Kruse (Mar 05)
- RE: TCP 445 Scan? Lee_Fisher (Mar 04)
- RE: TCP 445 Scan? Thompson, Jason (Mar 06)