12-05-2018 03:30 PM - edited 03-05-2019 11:05 AM
Hello
I recently performed an ios upgrade to run c3900-universalk9-mz.spa.157-3.m3.bin and was wondering if it can be verified that by default this IOS version would block smb ports 135-139 & 445
I am aware of the potential security risk having these ports open however the client at this time requires this so when i upgraded to this IOS train connectivity failed which meant I had to revert the change back to the previous IOS -c3900-universalk9-mz.spa.151-4.m4.bin
12-06-2018 06:15 AM
12-06-2018 07:11 AM - edited 12-06-2018 07:12 AM
Hello Joseph
@Joseph W. Doherty wrote:
Paul, you're asking whether the later IOS blocks SMB port to transit traffic, by default? (Or did you mean those port on/to the router, itself? I would be surprised that a Cisco router would block any transit traffic, by default.)
Yes i am asking if the later IOS blocks those SMB ports by default due to its very high vulnerability factor.
I cannot seem to find any validation, it could be a buggy IOS which I would say Cisco TAC would be my next port of call.
Also due to the lack of any real testing environment and nature of the clients business I cannot test various ios so hence the post on here to try an obtain a definitive answer.
TBH its either a buggy software or its blocking it by default, As it cannot be anything else, a simple roll back to the older ios resolves the connectivity problem regards these ports.
12-06-2018 07:36 AM
12-06-2018 08:00 AM - edited 12-06-2018 08:01 AM
Hello Joseph
Will do...
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide