With Blaster, port 135 TCP, port 4444 TCP, and port 69 UDP were used. In most enterprise environments, there is no need to open those ports to external access, so they can be closed.
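As an added example (not from the original page or from Cisco), the Python audit below checks whether an edge ACL really denies the three Blaster ports once first-match ordering and the implicit deny are taken into account. The ACL text is constructed, and the parser assumes a simplified `permit|deny <proto> any any [eq|range]` grammar; entries outside that grammar are returned for manual review.

```python
# Added example: first-match audit of a simplified IOS-style extended ACL.
BLASTER_PORTS = [("tcp", 135), ("tcp", 4444), ("udp", 69)]  # ports named above
PORT_NAMES = {"tftp": 69}  # keyword for UDP 69; other keywords are not handled

def port_num(token):
    return PORT_NAMES[token] if token in PORT_NAMES else int(token)

def parse_ace(line):
    """Return (action, proto, lo, hi), or None if outside the assumed grammar."""
    tok = line.split()
    if len(tok) < 4 or tok[0] not in ("permit", "deny") or tok[2:4] != ["any", "any"]:
        return None
    rest = tok[4:]
    try:
        if not rest:                                  # e.g. "permit ip any any"
            lo, hi = 0, 65535
        elif rest[0] == "eq" and len(rest) == 2:
            lo = hi = port_num(rest[1])
        elif rest[0] == "range" and len(rest) == 3:
            lo, hi = port_num(rest[1]), port_num(rest[2])
        else:
            return None
    except ValueError:                                # unknown port keyword
        return None
    return tok[0], tok[1], lo, hi

def verdict(aces, proto, port):
    """Apply first-match semantics; an ACL ends with an implicit deny."""
    for action, ace_proto, lo, hi in aces:
        if ace_proto in (proto, "ip") and lo <= port <= hi:
            return action
    return "deny"

def audit(acl_text):
    """Return ({'tcp/135': action, ...}, [entries needing manual review])."""
    aces, review = [], []
    for line in acl_text.splitlines():
        ace = parse_ace(line)
        if ace:
            aces.append(ace)
        elif line.strip().startswith(("permit", "deny")):
            review.append(line.strip())
    return {f"{p}/{n}": verdict(aces, p, n) for p, n in BLASTER_PORTS}, review

# Constructed sample: the deny entries are shadowed by the earlier permit.
SHADOWED = """ip access-list extended EDGE-IN
 permit ip any any
 deny tcp any any eq 135
 deny tcp any any eq 4444
 deny udp any any eq tftp"""
```

Running `audit(SHADOWED)` reports all three ports as permitted, because the broad permit matches first; moving it below the deny entries changes every verdict to deny.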
NBAR is effective as a tactical tool, but it must match an identifier value that is unique to the worm in question, as with any worm. With Code Red worms, Cisco uses an HTTP match on default traffic pattern identifiers. With the Blaster worm, we look for SQL packets of a specific length.
Cisco Security Agent allows you to block any ports on hosts and provides layers of protection. Case in point, Cisco Security Agent prevented Blaster from spawning a command shell and executing its payload.
Yes. It is imperative to filter these ports only when there is normally no business need for them to be open. To mitigate these worms in cases where these ports must be open, other technologies, such as antivirus and HIPS, must be used.
Private VLAN ports can be on different network devices, as long as the devices are trunk-connected and the primary and secondary VLANs have not been removed from the trunk.