cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
482
Views
0
Helpful
5
Replies

PIX question - Is New Internet Worm blocked out of the box?

BRAD VAUGHN
Level 1
Level 1

Am I right to assume that the handful of ports 69, 135, 139, 445 and 4444 are blocked by nature on the PIX? I have not expressly opened any of them as far as I can tell? I have looked around on the net and not found anyone talking about the PIX in conjunction with this worm. Thanks for you help.

5 Replies 5

deepakd
Level 1
Level 1

Traffic from outside to inside is denied unless permitted. If you are not allowing the traffic for above mentioned ports using access-list or conduit, you are fine.

Thanks. It seemed that way, but I was worried that I had mis-understood my PIX documentation.

yea, it is blocked by default. but we should also search for the specific exe file. if the worm is already sitting at one of the inside hosts, then there would be a bit worry.

genghiskhan
Level 1
Level 1

These ports are blocked from outside to inside (inbound traffic) interfaces only. They are not blocked from inside to outside (outbound traffic). If you have an infected PC on your network, it will eventually start trying to spread outside of your network thru the firewall. I have seen this first hand. So be sure to block outbound traffic on these ports.

How do I do this? I am a newbie and don't know much about the CLI. What statements must I type in in order to achieve this after I do the config t?

Thanks.

Review Cisco Networking for a $25 gift card