Hi there,
As per recent sasser virus outbreak, those AV website suggested to block the following ports:
tcp 139,445,5554,9996
On my pix506 there is no rule to allow those ports access from outside to inside, so by default I shouldn't receive direct attack from outside, right?
If somehow my internal machines got infected & listening to those ports, will this implicitly allow incoming traffic from outside?
Anyway I would like to ask, the best way to block those ports, should I
1. explicitly block outside_access_in for those listed ports?
or
2. explicitly block inside_access_in for those listed ports?
or
3. explicitly block both outside/inside?
Thanks so much for the help!
As per recent sasser virus outbreak, those AV website suggested to block the following ports:
tcp 139,445,5554,9996
On my pix506 there is no rule to allow those ports access from outside to inside, so by default I shouldn't receive direct attack from outside, right?
If somehow my internal machines got infected & listening to those ports, will this implicitly allow incoming traffic from outside?
Anyway I would like to ask, the best way to block those ports, should I
1. explicitly block outside_access_in for those listed ports?
or
2. explicitly block inside_access_in for those listed ports?
or
3. explicitly block both outside/inside?
Thanks so much for the help!