WannaCry - Block using Firewall


straycat19

The following is not contained in an article but is common knowledge among security professionals that ALL malware that uses SMB (starting with the Blaster worm in 2000) can be blocked using a firewall.  Initially Blaster was stopped by blocking TCP ports 139 and 445.  We have been blocking those ports permanently since that time.

 

Additionally, for WannaCry, you should block TCP port 137 and UDP ports 137 and 138.

 

Already done since the beginning of the time when we started to use the device.

  • Administrator

As someone who regularly uses and requires SMB - Windows to Linux and Windows to Android connections, I wish I could do this. Or that there was somehow a way to do this on the router, to allow SMB only on the LAN here.


I Am Negan
6 hours ago, straycat19 said:

The following is not contained in an article but is common knowledge among security professionals that ALL malware that uses SMB (starting with the Blaster worm in 2000) can be blocked using a firewall.  Initially Blaster was stopped by blocking TCP ports 139 and 445.  We have been blocking those ports permanently since that time.

 

Additionally, for WannaCry, you should block TCP port 137 and UDP ports 137 and 138.

 

Do you block the source port or destination port?


I Am Negan
11 minutes ago, Togijak said:

@Kerry4444

 

you have to block inbound (if you don't know how you can look here)

I know how to do it in my Comodo firewall, just got confused on source port or destination port.

 

So destination port would be inbound?


You can also install the latest Windows updates and get the patch. I installed the patch on my mom's Windows XP computer. I also saw an article posted here:

 

 

That mentioned those TCP ports 139 and 445. The additional ports are not.



You can install the latest Windows updates and get the patch (the patch is not alone; additional updates come with it. Install the update anyway: any KB article that starts with fourzeroone, install them all). You can also block these ports to protect against the infection and any infections like it that try to target SMB traffic.

Archived

This topic is now archived and is closed to further replies.
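
The source-versus-destination question and the Administrator's LAN-only wish from the thread, worked through as an added example (not code from any poster or firewall product): a small first-match rule evaluator in Python. The 192.168.1.0/24 LAN range, the function names and the sample packets are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Ports named in the thread: TCP 137/139/445 and UDP 137/138.
SMB_PORTS = {"tcp": {137, 139, 445}, "udp": {137, 138}}
LAN = ip_network("192.168.1.0/24")  # assumed LAN range, adjust to your network


@dataclass(frozen=True)
class Packet:
    direction: str  # "in" or "out", relative to the protected host
    proto: str      # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def is_smb_inbound(pkt: Packet) -> bool:
    # Inbound traffic to a local SMB/NetBIOS service is identified by its
    # destination port; the client's source port is ephemeral and varies.
    return pkt.direction == "in" and pkt.dst_port in SMB_PORTS.get(pkt.proto, set())


def evaluate(pkt: Packet, allow_lan: bool = True) -> str:
    """First match wins: LAN SMB allowed (optional), other SMB blocked."""
    if not is_smb_inbound(pkt):
        return "pass"  # not decided by these rules
    if allow_lan and ip_address(pkt.src_ip) in LAN:
        return "allow"
    return "block"


def evaluate_by_source_port(pkt: Packet) -> str:
    """The mistaken variant: matching on source port misses real SMB clients."""
    hit = pkt.direction == "in" and pkt.src_port in SMB_PORTS.get(pkt.proto, set())
    return "block" if hit else "pass"


# Constructed sample packets (documentation addresses, not real hosts).
SAMPLES = [
    Packet("in", "tcp", "203.0.113.7", 49152, "192.168.1.10", 445),    # WAN -> SMB
    Packet("in", "tcp", "192.168.1.20", 50211, "192.168.1.10", 445),   # LAN -> SMB
    Packet("in", "udp", "203.0.113.7", 137, "192.168.1.10", 137),      # NetBIOS name
    Packet("out", "tcp", "192.168.1.10", 51000, "198.51.100.5", 443),  # web browsing
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(p.proto, p.dst_port, evaluate(p), evaluate_by_source_port(p))
```

The first sample shows why the rule has to match the destination port on inbound traffic: the source-port variant lets the WAN connection to port 445 through.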

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...