kzackery
asked on
How do you block a port: Attempting to stop the iraqi oil worm
windows server 2003/DC/AD--Exchange Server 2003-- XP Clients
I was reviewing my event logs the other day and I noticed some failed audits. When I looked at these audits they are from workstations that are not apart of my network and public ip address that I haven't seen before. From doing research I think it is possible that we may be getting attacked by the iraqi oil worm. Based on some other articles, They mention that port 445 should be blocked to stop the attack.
Can anyone tell me how to block a port and any other sugestions to stop this attack.
Thanks
I was reviewing my event logs the other day and I noticed some failed audits. When I looked at these audits they are from workstations that are not apart of my network and public ip address that I haven't seen before. From doing research I think it is possible that we may be getting attacked by the iraqi oil worm. Based on some other articles, They mention that port 445 should be blocked to stop the attack.
Can anyone tell me how to block a port and any other sugestions to stop this attack.
Thanks
ASKER
We are using the firewall on our cisco router and I didn't see an area where I could close specific port numbers. Can specific ports be blocked on the server itself. I found the are to allow ports but it doesn't allow you to block a specific port. You have to specify the port you want to let through.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks.
I think I have it figured out on my router how to set rules. I configured the rules a while ago. I'll just wait and see now if I still receive those failed audits. You both make good points I'll split the points.
I think I have it figured out on my router how to set rules. I configured the rules a while ago. I'll just wait and see now if I still receive those failed audits. You both make good points I'll split the points.
Thanks and good luck.
Other countermeasures against this specific one: implement a strong password policy AND use Microsoft Baseline Security Analyser to find and resolve the most basic security flaws (null passwords, non patched systems ...).
J.