straycat19 Posted May 14, 2017 Share Posted May 14, 2017 The following is not contained in an article but is common knowledge among security professionals that ALL malware that uses SMB (starting with the Blaster worm in 2000) can be blocked using a firewall. Initially Blaster was stopped by blocking TCP ports 139 and 445. We have been blocking those ports permanently since that time. Additionally, for WannaCry, you should block TCP port 137 and UDP ports 137 and 138. Link to comment Share on other sites More sharing options...
Recruit Posted May 14, 2017 Share Posted May 14, 2017 Already done since the beginning of the time when we started to use the device. Link to comment Share on other sites More sharing options...
Batu69 Posted May 14, 2017 Share Posted May 14, 2017 Topic moved from security & privacy news forum. Link to comment Share on other sites More sharing options...
Administrator DKT27 Posted May 14, 2017 Administrator Share Posted May 14, 2017 As someone who regularly uses and requires SMB - Windows to Linux and Windows to Android connections, I wish I could do this. Or somehow there is a way to do this on router to allow SMB only on LAN here. Link to comment Share on other sites More sharing options...
I Am Negan Posted May 14, 2017 Share Posted May 14, 2017 6 hours ago, straycat19 said: The following is not contained in an article but is common knowledge among security professionals that ALL malware that uses SMB (starting with the Blaster worm in 2000) can be blocked using a firewall. Initially Blaster was stopped by blocking TCP ports 139 and 445. We have been blocking those ports permanently since that time. Additionally, for WannaCry, you should block TCP port 137 and UDP ports 137 and 138. Do you block the source port or destination port? Link to comment Share on other sites More sharing options...
Togijak Posted May 14, 2017 Share Posted May 14, 2017 @Kerry4444 you have to block inbound (if you don't know how you can look here) Link to comment Share on other sites More sharing options...
I Am Negan Posted May 14, 2017 Share Posted May 14, 2017 11 minutes ago, Togijak said: @Kerry4444 you have to block inbound (if you don't know how you can look here) I know how to do it in my comodo firewall, just got confused on source port or destination port. So destination port would be inbound? Link to comment Share on other sites More sharing options...
Togijak Posted May 15, 2017 Share Posted May 15, 2017 8 hours ago, Kerry4444 said: I know how to do it in my comodo firewall, just got confused on source port or destination port. So destination port would be inbound? 1.) I am using a german windows 2.) just look at this pictures http://www.sciencehq.com/infos/how-to-block-ports-in-windows-7.html Link to comment Share on other sites More sharing options...
Holmes Posted May 15, 2017 Share Posted May 15, 2017 You can also install latest windows updates and get the patch I installed the patch on my moms windows xp computer. I also saw a article posted here: That mentioned those tcp ports 139 and 445. The additional ports are not. Link to comment Share on other sites More sharing options...
ZackMark29 Posted May 15, 2017 Share Posted May 15, 2017 Do you think this method is really working? Link to comment Share on other sites More sharing options...
Holmes Posted May 15, 2017 Share Posted May 15, 2017 You can install latest windows updates and get the patch (the patch is not alone additional updates are with it install the update anyway any KBarticle that starts with fourzeroone install them all). You can also block these ports to protect against the infection and any infections like it that try to target SMB traffic. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.