Some programs insist on using dynamic high-level ports, and you have to allow a huge range for it even though it may only use two ports at any given time. There are just some cases it's not practical to have it locked down that tight. Not using those programs also isn't always an option.
|-----Original Message----- |From: Michael LaSalvia [mailto:[EMAIL PROTECTED] |Sent: Tuesday, August 12, 2003 2:58 PM |To: [EMAIL PROTECTED]; |[EMAIL PROTECTED] |Subject: RE: Blocking port 4444 for W32.Blaster.Worm | | |-----BEGIN PGP SIGNED MESSAGE----- |Hash: SHA1 | |Why would you have that port open any way on your firewall. A |firewall should be explicit deny all unless there is a need to have |that port open. I don't know many people that have port 4444 open for |any reason. I can say that because I deal with many large companies |firewalls. | |Not only should you have 4444 blocked you should have a NetBIOS block |rule that is a deny all without logging (cause it will fill the log |files fast if you did do logging.) | |- -----Original Message----- |From: [EMAIL PROTECTED] |[mailto:[EMAIL PROTECTED] |Sent: Monday, August 11, 2003 10:57 PM |To: [EMAIL PROTECTED] |Subject: Blocking port 4444 for W32.Blaster.Worm | |Hi all, | |I have just been reading up on the Blaster Worm, and Symantec suggest |blocking TCP port 4444 at the firewall level; I was wondering if |anyone has |implemented this yet and if so, if they have any feedback on the |results |regarding performance, risks etc. | |Thanks in advance | |Steven Paice | | |- |---------------------------------------------------------------------- |- ----- |- |---------------------------------------------------------------------- |- ------ | | | |-----BEGIN PGP SIGNATURE----- |Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com> | |iQA/AwUBPzk4p3AnVb+gRdsVEQJemwCgtK+9kR5BcMiKN7Kn7ThmabZ/WAgAoJ8j |NkYW182RebTFiQ6OwkZxX1B0 |=dG7W |-----END PGP SIGNATURE----- | | | |--------------------------------------------------------------- |------------ |--------------------------------------------------------------- |------------- | | --------------------------------------------------------------------------- ----------------------------------------------------------------------------
