Solved

How do you block a port: Attempting to stop the iraqi oil worm

Posted on 2007-10-18
Last Modified: 2013-12-04
windows server 2003/DC/AD--Exchange Server 2003-- XP Clients
I was reviewing my event logs the other day and I noticed some failed audits.  When I looked at these audits, they are from workstations that are not a part of my network and public IP addresses that I haven't seen before.  From doing research, I think it is possible that we may be getting attacked by the Iraqi oil worm.  Based on some other articles, they mention that port 445 should be blocked to stop the attack.

Can anyone tell me how to block a port, and any other suggestions to stop this attack?

Thanks
0
Question by:kzackery
6 Comments
 
LVL 18

Expert Comment

by:PowerIT
ID: 20101651
You close it on your firewall.
Other countermeasures against this specific one: implement a strong password policy AND use Microsoft Baseline Security Analyzer to find and resolve the most basic security flaws (null passwords, unpatched systems ...).

J.
0
 

Author Comment

by:kzackery
ID: 20101880
We are using the firewall on our Cisco router and I didn't see an area where I could close specific port numbers.  Can specific ports be blocked on the server itself?  I found the area to allow ports, but it doesn't allow you to block a specific port.  You have to specify the port you want to let through.
0
 
LVL 32

Accepted Solution

by:
r-k earned 1000 total points
ID: 20103533
"Can specific ports be blocked on the server itself"

With a software firewall. I think this is not recommended on a DC, however.

I am not a Cisco expert, but I would be surprised if you can't block specific ports. Someone else will probably have specifics.
0

 
LVL 18

Assisted Solution

by:PowerIT
PowerIT earned 1000 total points
ID: 20103615
I'm also no Cisco expert. But every firewall I have ever seen allows you to configure its ports.
Maybe ask a question for that in the Cisco TA.
The built-in firewall in 2003 Server could be used, but can indeed be tricky on a DC.
What's even worse: blocking port 445 would disable SMB. SMB is the base Microsoft protocol for sharing files, printers, etc ...
You would lose access to that server as a fileserver and printserver.
So you really have to fix this on your gateway.

J.
0
 

Author Comment

by:kzackery
ID: 20105497
Thanks.
I think I have it figured out on my router how to set rules.  I configured the rules a while ago.  I'll just wait and see now if I still receive those failed audits.  You both make good points; I'll split the points.
0
 
LVL 32

Expert Comment

by:r-k
ID: 20105508
Thanks and good luck.
0
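
The "wait and see" check mentioned in the thread can be made concrete by counting failure audits per external source address before and after the gateway rule went in. The following is an added example, not code from any poster; the CSV column layout, the host names, the sample rows and the internal ranges are all constructed assumptions.

```python
import csv
import io
import ipaddress
from collections import Counter
from datetime import datetime

# Assumption: the address ranges that count as "my network". Adjust to the real LAN.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample export (hypothetical column layout, not a real log).
SAMPLE_CSV = """time,type,event_id,workstation,source_ip
2007-10-18 08:02:11,Failure Audit,529,WKS-UNKNOWN1,203.0.113.45
2007-10-18 08:02:15,Failure Audit,529,WKS-UNKNOWN1,203.0.113.45
2007-10-18 09:10:00,Failure Audit,529,XP-FRONTDESK,192.168.1.23
2007-10-18 09:30:42,Success Audit,540,XP-FRONTDESK,192.168.1.23
2007-10-18 14:20:05,Failure Audit,529,HOST-X,198.51.100.7
2007-10-18 14:21:00,Failure Audit,529,HOST-Y,not-an-ip
"""

def is_internal(addr):
    """True if the address falls inside one of the configured internal ranges."""
    return any(addr in net for net in INTERNAL_NETS)

def external_failures(csv_text, since=None):
    """Count failure audits per external source IP, optionally only at/after `since`.
    Returns (Counter ip -> count, rows whose source address could not be parsed)."""
    counts, unparsed = Counter(), []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["type"] != "Failure Audit":
            continue
        when = datetime.strptime(row["time"], "%Y-%m-%d %H:%M:%S")
        if since and when < since:
            continue
        try:
            addr = ipaddress.ip_address(row["source_ip"].strip())
        except ValueError:
            unparsed.append(row)  # keep for manual review instead of dropping silently
            continue
        if not is_internal(addr):
            counts[str(addr)] += 1
    return counts, unparsed

if __name__ == "__main__":
    rule_applied = datetime(2007, 10, 18, 12, 0, 0)  # constructed time of the gateway change
    before, _ = external_failures(SAMPLE_CSV)
    after, odd = external_failures(SAMPLE_CSV, since=rule_applied)
    print("all external failures:", dict(before))
    print("since rule change:", dict(after), "unparsed rows:", len(odd))
```

If external sources still appear after the rule change, the gateway rule is not covering the path those connections take.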

Question has a verified solution.