How do you block a port: Attempting to stop the iraqi oil worm

windows server 2003/DC/AD--Exchange Server 2003-- XP Clients
I was reviewing my event logs the other day and I noticed some failed audits.  When I looked at these audits they are from workstations that are not apart of my network and public ip address that I haven't seen before.  From doing research I think it is possible that we may be getting attacked by the iraqi oil worm.  Based on some other articles, They mention that port 445 should be blocked to stop the attack.

Can anyone tell me how to block a port and any other sugestions to stop this attack.

Who is Participating?
r-kConnect With a Mentor Commented:
"Can specific ports be blocked on the server itself"

With a software firewall. I think this is not recommended on a DC, however.

I am not a Cisco expert, but I would be surprised if you can't block specific ports. Someone else will probably have specifics.
You close it on your firewall.
Other countermeasures against this specific one: implement a strong password policy AND use Microsoft Baseline Security Analyser to find and resolve the most basic security flaws (null passwords, non patched systems ...).

kzackeryAuthor Commented:
We are using the firewall on our cisco router and I didn't see an area where I could close specific port numbers.  Can specific ports be blocked on the server itself.  I found the are to allow ports but it doesn't allow you to block a specific port.  You have to specify the port you want to let through.
Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

PowerITConnect With a Mentor Commented:
I'm also no Cisco expert. But every firewall I have ever seen allows to configure it's ports.
Maybe ask a question for that in the Cisco TA.
The built in firewall in 2003 server could be used , but can indeed be tricky on a DC.
What's even worse: blocking port 445 would disable SMB. SMB is the base microsoft protocol for sharing files, printers, etc ...
You would lose access to that server as a fileserver and printserver.
So you really have to fix this on your gateway.

kzackeryAuthor Commented:
I think I have it figured out on my router how to set rules.  I configured the rules a while ago.  I'll just wait and see now if I still receive those failed audits.  You both make good points I'll split the points.
Thanks and good luck.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.