Block network access to the RPCSS at network boundaries



IronBits
09-16-2003, 08:18 PM
Blocking can minimize the impact of disruptive attacks originating outside the perimeter.
However, it also has the potential to deny access to needed applications.

The specific ports and protocols that, if applicable, should be blocked include:

TCP/135 TCP/139 TCP/445 TCP/593
UDP/135 UDP/137 UDP/138 UDP/445


Keyword         Port Number  Type  Description
epmap           135          tcp   DCE endpoint resolution
epmap           135          udp   DCE endpoint resolution
netbios-ns      137          tcp   NETBIOS Name Service
netbios-ns      137          udp   NETBIOS Name Service
netbios-dgm     138          tcp   NETBIOS Datagram Service
netbios-dgm     138          udp   NETBIOS Datagram Service
netbios-ssn     139          tcp   NETBIOS Session Service
netbios-ssn     139          udp   NETBIOS Session Service
microsoft-ds    445          tcp   Microsoft-DS
microsoft-ds    445          udp   Microsoft-DS
http-rpc-epmap  593          tcp   HTTP RPC Ep Map
http-rpc-epmap  593          tcp   HTTP RPC Ep Map

:drink:
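
Added example, not part of the post above: a small audit that reads a boundary firewall's rules and reports which of the listed protocol/port pairs are still not blocked. It assumes a Linux firewall exporting rules in iptables-save format with eth0 as the outside interface; the sample ruleset and the function names are constructed for illustration.

```python
import re

# Protocol/port pairs the post above lists for blocking at the boundary.
REQUIRED = ({("tcp", p) for p in (135, 139, 445, 593)}
            | {("udp", p) for p in (135, 137, 138, 445)})

# Constructed iptables-save excerpt (illustrative; eth0 = outside interface).
SAMPLE_RULES = """\
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i eth0 -p tcp -m multiport --dports 135,139,445 -j DROP
-A FORWARD -i eth0 -p udp -m udp --dport 135:138 -j DROP
-A FORWARD -i eth0 -p tcp -m tcp --dport 593 -j ACCEPT
-A FORWARD -i eth0 -p udp -m udp --dport 445 -j REJECT --reject-with icmp-port-unreachable
COMMIT
"""

def expand_ports(spec):
    """Expand '135,139' or a range such as '135:138' into a set of ints."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def unblocked(rules, chain="FORWARD", wan_if="eth0"):
    """Return the REQUIRED pairs that inbound traffic can still reach.

    Assumption: rules match only on interface, protocol and destination
    port; rules with address matches would need extra handling.
    """
    policy = re.search(rf"^:{chain} (\w+)", rules, re.M)
    default = policy.group(1) if policy else "ACCEPT"
    verdict = {}  # the first matching rule wins, as in iptables
    for line in rules.splitlines():
        m = re.match(rf"-A {chain} (.*) -j (\w+)", line)
        if not m:
            continue
        match, target = m.groups()
        iface = re.search(r"-i (\S+)", match)
        proto = re.search(r"-p (\S+)", match)
        dport = re.search(r"--dports? (\S+)", match)
        if (iface and iface.group(1) != wan_if) or not proto or not dport:
            continue
        for port in expand_ports(dport.group(1)):
            verdict.setdefault((proto.group(1), port), target)
    return sorted(p for p in REQUIRED
                  if verdict.get(p, default) not in ("DROP", "REJECT"))
```

Run against the sample, unblocked(SAMPLE_RULES) flags only TCP/593, which the constructed ruleset explicitly accepts.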