Bob German wrote:
Absolutely. All of the NetBIOS ports: 135, 137, 138, 139, 445.
Although the public exploits floating around (at the moment) attack 135/tcp, 135/udp is also vulnerable... And for this crowd, I should point out that blocking 135/udp blocks DCE-RPC which is used rather heavily by HP OpenView by default. You may hear some shrieks of pain should you chose to block 135/udp. Oh, and according to the guys who broke the story in the first place, http://www.securityfocus.com/archive/1/329918 Port 593/tcp is also potentially problematic.
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Adi Linden Sent: Friday, August 01, 2003 2:37 PM To: nanog@merit.edu Subject: Blocking port 135?
http://www.cert.org/advisories/CA-2003-19.html
Would blocking port 135 at the network edge be a prudent preventative measure?
-- Crist J. Clark crist.clark@globalstar.com Globalstar Communications (408) 933-4387 The information contained in this e-mail message is confidential, intended only for the use of the individual or entity named above. If the reader of this e-mail is not the intended recipient, or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that any review, dissemination, distribution or copying of this communication is strictly prohibited. If you have received this e-mail in error, please contact postmaster@globalstar.com