08-13-2003 03:56 AM - edited 02-20-2020 10:55 PM
Am I right to assume that the handful of ports 69, 135, 139, 445 and 4444 are blocked by nature on the PIX? I have not expressly opened any of them as far as I can tell. I have looked around on the net and not found anyone talking about the PIX in conjunction with this worm. Thanks for your help.
08-13-2003 06:18 AM
Traffic from outside to inside is denied unless permitted. If you are not allowing the traffic for the above-mentioned ports using an access-list or conduit, you are fine.
08-13-2003 08:23 AM
Thanks. It seemed that way, but I was worried that I had misunderstood my PIX documentation.
08-13-2003 03:03 PM
Yeah, it is blocked by default. But we should also search for the specific exe file. If the worm is already sitting at one of the inside hosts, then there would be a bit of worry.
08-13-2003 04:14 PM
These ports are blocked from outside to inside (inbound traffic) interfaces only. They are not blocked from inside to outside (outbound traffic). If you have an infected PC on your network, it will eventually start trying to spread outside of your network through the firewall. I have seen this first hand. So be sure to block outbound traffic on these ports.
08-14-2003 01:27 PM
How do I do this? I am a newbie and don't know much about the CLI. What statements must I type in in order to achieve this after I do the config t?
Thanks.
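
The outbound block described in the 08-13-2003 04:14 PM reply, as an added example that is not part of the original thread: a PIX 6.x-style access list applied to traffic entering the inside interface. The ACL name `acl_inside` is hypothetical, the interface name `inside` assumes the default `nameif`, and the protocol chosen for each port (UDP for 69, TCP for the rest) is an assumption, since the thread gives only port numbers.

```cisco
: Added example, entered from configuration mode (after "config t").
: ACL name acl_inside is hypothetical; protocol per port is an assumption.
access-list acl_inside deny udp any any eq 69
access-list acl_inside deny tcp any any eq 135
access-list acl_inside deny tcp any any eq 139
access-list acl_inside deny tcp any any eq 445
access-list acl_inside deny tcp any any eq 4444
: An access list ends in an implicit deny, so everything else that
: inside hosts are meant to reach must be permitted explicitly.
access-list acl_inside permit ip any any
: Bind the list to traffic arriving on the inside interface (outbound direction).
access-group acl_inside in interface inside
```

Once the list is bound, `show access-list acl_inside` reports a hit count per line; a rising count on a deny line means an inside host is generating that traffic and should be checked for infection.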