07-17-2006 05:17 AM - edited 03-09-2019 03:36 PM
Hi,
On the edge PIX, I noticed a lot of traffic being generated on TCP ports 445 and 139, and when I checked on the internet I found that these ports are malicious and dangerous, but when I block them on the internal interface the browsing stops.
Please advise, should I keep them open?
regards
Fady
07-17-2006 07:34 AM
Hello Fady,
Ports 139 & 445 are Windows ports.
Port 139 NetBIOS
NetBIOS Session (TCP), Windows File and Printer Sharing
This is one of the most dangerous ports on the Internet. All "File and Printer Sharing" on a Windows machine runs over this port. About 10% of all users on the Internet leave their hard disks exposed on this port.
Port 445 SMB
In Windows 2000, Microsoft has created a new transport for SMB over TCP and UDP on port 445. This replaces the older implementation that was over ports 137, 138, 139.
Your PIX should by default be blocking these inbound. If you block these outbound as well, you will lose browsing capabilities to networks past the internal network. I would say a security conscientious individual would block these outbound as well. It basically boils down to risk assessment. Do your users really need this functionality? What happens if there is an intrusion as a result? etc.
Hope this helps! If so, please rate.
Thanks
07-18-2006 10:58 AM
Well the browsing is very important for them.
The inbound traffic on the PIX is already blocked by default, but I have attached an ACL on the outside interface to block these ports on the inbound traffic as well.
Hope this will help prevent attacks.
I'm planning to plug in an IPS4240 in the next couple of weeks. I hope that the ACL and PIX will help in the meantime.
Please advise
regards
Fady
07-24-2006 05:40 PM
What browsing are you doing outbound? If you are browsing computers outside, you need to be careful. You can put in an access list that permits it outbound only to specific hosts or networks. You need to set up a unified defense, and the IPS must work in concert with the PIX.
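A sketch of the "permit outbound only to specific hosts" access list suggested in this reply, added here as an example and not taken from any poster's configuration. The ACL name `inside_access_in`, the internal network 192.168.1.0/24 and the remote file server 203.0.113.10 are assumed placeholder values.

```text
! Added example; names and addresses are placeholders (assumptions).
! Allow SMB/NetBIOS session traffic from the internal network
! only to the one approved remote file server.
access-list inside_access_in permit tcp 192.168.1.0 255.255.255.0 host 203.0.113.10 eq 445
access-list inside_access_in permit tcp 192.168.1.0 255.255.255.0 host 203.0.113.10 eq 139

! Deny and log the same ports to every other destination.
! The log entries show which internal hosts are still trying
! to reach 445/139 outside the network.
access-list inside_access_in deny tcp any any eq 445 log
access-list inside_access_in deny tcp any any eq 139 log

! NetBIOS name and datagram services (UDP 137-138) are not needed
! past the firewall either.
access-list inside_access_in deny udp any any range 137 138 log

! Once an ACL is bound to the inside interface, the implicit
! "permit to lower security level" no longer applies, so all other
! outbound traffic must be permitted explicitly.
access-list inside_access_in permit ip any any

! Bind the ACL to traffic entering the inside interface.
access-group inside_access_in in interface inside
```

Order matters because the PIX evaluates entries top down: the host-specific permits must come before the general denies, and the final `permit ip any any` keeps ordinary outbound traffic working.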
05-26-2017 12:07 AM
Blocking 445 at the firewall is relatively easy and solves many problems. The real issue with 445 is internal.
445 needs to be open in Windows environments and is a prime conduit for the spread of malware internally. Apart from this, I have listed a few more ways here which are also useful in preventing the malware spread.