D H wrote:
>
> Yesturday, SANS came out with a "Dangerous Windows Flaw" advisory (see
> http://www.sans.org/newlook/resources/win_flaw.htm for details).
>
> They recommend that you block outgoing Windows File Sharing at the firewall
> by block outgoing traffic to ports UDP 138, UDP and TCP 139, and UDP and TCP
> 445.
>
> udp 138 (predefined by CheckPoint as NB datagram)
> tcp 139 (predefined by CheckPoint as NB session)
> udp 139* (???NB Session Service???)
> tcp and udp 445 (Microsoft-DS (DS=Directory Services?) not predefined)
>
> I noticed that NB name is NOT included, but udp 139 is... Do you think they
> meant to put UDP 137 (NB name) instead of UDP 139? (This way it would be the
> group NBT + tcp/udp 445 for Directory Services.)
No. File sharing occurs over the ports they listed.
-paul
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
