I recently performed an IOS upgrade to run c3900-universalk9-mz.spa.157-3.m3.bin and was wondering if it can be verified that by default this IOS version would block SMB ports 135-139 & 445.
I am aware of the potential security risk of having these ports open; however, the client at this time requires this, so when I upgraded to this IOS train connectivity failed, which meant I had to revert the change back to the previous IOS, c3900-universalk9-mz.spa.151-4.m4.bin.
@Joseph W. Doherty wrote:
Paul, you're asking whether the later IOS blocks SMB ports to transit traffic, by default? (Or did you mean those ports on/to the router, itself? I would be surprised that a Cisco router would block any transit traffic, by default.)
Yes, I am asking if the later IOS blocks those SMB ports by default due to its very high vulnerability factor.
I cannot seem to find any validation; it could be a buggy IOS, for which I would say Cisco TAC would be my next port of call.
Also, due to the lack of any real testing environment and the nature of the client's business, I cannot test various IOS, hence the post on here to try and obtain a definitive answer.
TBH it's either buggy software or it's blocking it by default, as it cannot be anything else; a simple rollback to the older IOS resolves the connectivity problem regarding these ports.