Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
192
Views
0
Helpful
1
Replies

virus access-list help

Armegeden
Level 1
Level 1

‎02-02-2006 01:50 AM - edited ‎03-03-2019 01:40 AM

Hello all,

I have an access-list that is denying any access to eq 445. Someone had set this list up before I was here, and I assume it's for some Blaster varient or something.

The problem is one of the System guys says it's a legit service, something to do with Active Directory.

When I do "sh logging" I see thousands of hits where it deny's one packet at a time from port 445 to misc IP addresses.

I do "sh access-list" and the deny 445 entry has millions of hits.

We do a network wide Symantec update and scan and find nothing.

Should I disable this 445 entry? Is it a legit service?

Thanx for any help

Labels:
0 Helpful
1 Reply 1

Patrick Laidlaw
Level 4
Level 4

‎02-02-2006 09:27 AM

Hello,

Port 445 is SMB over tcp or commonly referred to now by Microsoft a CIFS (Common Internet File System). This is vallid traffic so internally between sites that transfer files you should not be blocking this traffic but from external nets by all means this should be blocked.

HTH please rate any posts that were helpful.

Patrick Laidlaw

0 Helpful
Customers Also Viewed These Support Documents