Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

virus access-list help

Hello all,

I have an access-list that is denying any access to eq 445. Someone had set this list up before I was here, and I assume it's for some Blaster varient or something.

The problem is one of the System guys says it's a legit service, something to do with Active Directory.

When I do "sh logging" I see thousands of hits where it deny's one packet at a time from port 445 to misc IP addresses.

I do "sh access-list" and the deny 445 entry has millions of hits.

We do a network wide Symantec update and scan and find nothing.

Should I disable this 445 entry? Is it a legit service?

Thanx for any help

1 REPLY

Re: virus access-list help

Hello,

Port 445 is SMB over tcp or commonly referred to now by Microsoft a CIFS (Common Internet File System). This is vallid traffic so internally between sites that transfer files you should not be blocking this traffic but from external nets by all means this should be blocked.

HTH please rate any posts that were helpful.

Patrick Laidlaw

102
Views
0
Helpful
1
Replies
CreatePlease to create content