
PIX question - Is New Internet Worm blocked out of the box?

Unanswered Question
Aug 13th, 2003

Am I right to assume that the handful of ports 69, 135, 139, 445 and 4444 are blocked by nature on the PIX? I have not expressly opened any of them as far as I can tell. I have looked around on the net and not found anyone talking about the PIX in conjunction with this worm. Thanks for your help.

deepakd Wed, 08/13/2003 - 06:18

Traffic from outside to inside is denied unless permitted. If you are not allowing the traffic for the above-mentioned ports using an access-list or conduit, you are fine.

BRAD VAUGHN Wed, 08/13/2003 - 08:23

Thanks. It seemed that way, but I was worried that I had misunderstood my PIX documentation.

jackko Wed, 08/13/2003 - 15:03

Yeah, it is blocked by default. But we should also search for the specific exe file. If the worm is already sitting on one of the inside hosts, then there would be a bit of worry.

genghiskhan Wed, 08/13/2003 - 16:14

These ports are blocked from outside to inside (inbound traffic) interfaces only. They are not blocked from inside to outside (outbound traffic). If you have an infected PC on your network, it will eventually start trying to spread outside of your network through the firewall. I have seen this first hand. So be sure to block outbound traffic on these ports.
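A way to check a saved PIX configuration against both points raised in the thread (inbound exposure and missing outbound blocks), as an added example that is not part of the original discussion or Cisco's tooling. It assumes the default interface names `inside` and `outside`, reads only `access-list ... eq <port>` and `access-group` lines (no `conduit`, `range` or object-groups), and the ACL names, addresses and per-port protocols are constructed for illustration.

```python
import re

# Ports come from the thread; the protocol per port is an assumption added here.
WORM_FLOWS = [("udp", 69), ("tcp", 135), ("tcp", 139), ("tcp", 445), ("tcp", 4444)]
# Assumption: the config may show some ports by name instead of number.
PORT_NAMES = {"tftp": 69, "netbios-ssn": 139}
ACE = re.compile(r"^access-list (\S+) (permit|deny) (\S+) .*?(?: eq (\S+))?$")
BIND = re.compile(r"^access-group (\S+) in interface (\S+)$")

# Constructed sample configuration (not taken from any real device).
SAMPLE = """
access-list acl_in permit tcp any host 192.0.2.10 eq www
access-list acl_in permit tcp any host 192.0.2.11 eq 445
access-group acl_in in interface outside
access-list acl_out deny tcp any any eq 135
access-list acl_out deny udp any any eq tftp
access-list acl_out permit ip any any
access-group acl_out in interface inside
"""

def parse(config):
    """Return ({acl: [(action, proto, port_or_None)]}, {interface: acl})."""
    acls, bound = {}, {}
    for line in map(str.strip, config.splitlines()):
        if m := ACE.match(line):
            name, action, proto, port = m.groups()
            if port is not None:  # unknown port names map to -1 (never a worm port)
                port = int(port) if port.isdigit() else PORT_NAMES.get(port, -1)
            acls.setdefault(name, []).append((action, proto, port))
        elif m := BIND.match(line):
            bound[m.group(2)] = m.group(1)
    return acls, bound

def permitted(entries, proto, port):
    """First matching entry wins; an applied list ends in an implicit deny."""
    for action, ace_proto, ace_port in entries:
        if ace_proto in (proto, "ip") and ace_port in (None, port):
            return action == "permit"
    return False

def audit(config):
    acls, bound = parse(config)
    result = {"inbound_exposed": [], "outbound_allowed": []}
    for proto, port in WORM_FLOWS:
        # No list on outside: inbound is denied. No list on inside: outbound is allowed.
        if "outside" in bound and permitted(acls.get(bound["outside"], []), proto, port):
            result["inbound_exposed"].append(port)
        if "inside" not in bound or permitted(acls.get(bound["inside"], []), proto, port):
            result["outbound_allowed"].append(port)
    return result
```

`audit(SAMPLE)` flags port 445 as reachable from outside and shows that 139, 445 and 4444 can still leave the network, because only 135 and 69 are denied ahead of the `permit ip any any` line.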

