block tcpip port 445 within a 8600 network 2


mucca

MIS
Dec 21, 2006
70
GB
Hello guys, a bit of an urgent one: we have a worm on our network and our virus guy has asked us to block tcpip port 445 across our 8600s.
How can this be achieved given the 8600 is a layer3 device??

Big thanks in anticipation guys!!

mucca
 
We've created filters for our R-Series modules, it's pretty hard from the command line but it's only a pain from Device Manager. :) In any case I think they would work for you, search for a couple documents called "Configuring QoS and IP Filtering" - there is one for 'legacy' systems and one for R modules.
 
This should work on older software/hardware


config ip traffic-filter create global src-ip 0.0.0.0/0.0.0.0 dst-ip 0.0.0.0/0.0.0.0 id 1
config ip traffic-filter filter 1 action mode drop
config ip traffic-filter filter 1 match dst-port 445 dst-option equal
config ip traffic-filter filter 1 match protocol tcp

Add to ports required.
config ip traffic-filter global-set 1 create name block445
config ip traffic-filter global-set 1 add-filter 1

config ethernet 1/1 ip traffic-filter create # slot/port has to be configured
config ethernet 1/1 ip traffic-filter add set 1
config ethernet 1/1 ip traffic-filter default-action forward
config ethernet 1/1 ip traffic-filter enable
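
A way to confirm the filter is in effect, added here as an example and not part of the original posts: run it from a host attached to a filtered port against hosts on the other side of the 8600. It assumes the `drop` action shows up as a connect timeout; the function names `probe_tcp` and `not_dropped` are hypothetical.

```python
import socket
import sys


def probe_tcp(host, port=445, timeout=3.0):
    """Classify one TCP connect attempt from this host to host:port.

    'open'     - handshake completed, so no filter is in the path
    'closed'   - target answered with a reset; the SYN still reached it
    'filtered' - no answer before the timeout, which is what a drop filter gives
    'error'    - local failure (no route, unresolvable name, ...)
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    except OSError:
        return "error"


def not_dropped(hosts, port=445, timeout=3.0, probe=probe_tcp):
    """Return {host: state} for every host whose traffic was not silently dropped.

    An empty dict means every probe timed out, i.e. the filter covers all
    tested paths. 'error' results are kept so they get looked at by hand.
    """
    results = {host: probe(host, port, timeout) for host in hosts}
    return {host: state for host, state in results.items() if state != "filtered"}


if __name__ == "__main__":
    # Usage: python check445.py HOST [HOST ...]   (hosts reached through the 8600)
    leaks = not_dropped(sys.argv[1:])
    for host, state in leaks.items():
        print(f"{host}: tcp/445 {state} - traffic is not being dropped on this path")
    sys.exit(1 if leaks else 0)
```

A timeout alone does not prove the filter is the cause (a powered-off host looks the same), so compare against a probe of the same host on a port the filter does not match.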

 
Big thanks guys, very helpful. I will be implementing this today!

mucca
 