Yesturday, SANS came out with a "Dangerous Windows Flaw" advisory (see
http://www.sans.org/newlook/resources/win_flaw.htm for details).
They recommend that you block outgoing Windows File Sharing at the firewall
by block outgoing traffic to ports UDP 138, UDP and TCP 139, and UDP and TCP
445.
udp 138 (predefined by CheckPoint as NB datagram)
tcp 139 (predefined by CheckPoint as NB session)
udp 139* (???NB Session Service???)
tcp and udp 445 (Microsoft-DS (DS=Directory Services?) not predefined)
I noticed that NB name is NOT included, but udp 139 is... Do you think they
meant to put UDP 137 (NB name) instead of UDP 139? (This way it would be the
group NBT + tcp/udp 445 for Directory Services.)
-- DH
________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
