NetBIOS Spam

gizmo_mathboy on 2002-10-24T04:13:27

Don't know if any of you are afflicted with this "new spam" but it is rather annoying.

My university, my department actually, is discussing how to best handle it. It would be nice to close down TCP port 139 (and UDP port 135 I think) but since we are a university there is a certain amount of openness required.

I think the best solution for us would be to stop it at a firewall. Basically close off the port to all IP addresses except for those few we trust.

Since this is something that will be discussed at a staff meeting tomorrow I expect a lively discussion.


sorted

gav on 2002-10-24T12:44:55

You need to read my journal :) Since I posted my journal we've had 553,184 udp drops on 135-139 and 1,182 tcp.

Block 135-139 udp & tcp on the firewall and you should be sorted. I can't think of a legitimate reason for incoming traffic on those ports. It also saves you from the headache of open netbios shares being accessible over the net.

It definitely sounds like you need a more paranoid firewall. We use a default deny and specify what service on what ip is publicly accessible.

Re:sorted

gizmo_mathboy on 2002-10-27T13:42:01

As a temporary measure we are disabling Messenger Service while we figure out what ports to block.

I would stop all external traffic to all ports except for SSH, SSL, and HTTP. Then try to figure out what other ports can be opened.

Within the university just about anything goes. Of course, that means network monitoring (more than what little we do now).
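
The policy discussed in this thread (default deny from outside, SSH, SSL and HTTP open, 135-139 reachable only from trusted addresses, internal traffic left open), modelled as an added Python example that is not code from any poster. The address ranges, the interface labels, the port numbers chosen for SSH/SSL/HTTP and the function names are assumptions, and the sample packets are constructed.

```python
import ipaddress
from collections import Counter

# Assumed values (not from the thread): documentation address ranges.
CAMPUS = ipaddress.ip_network("192.0.2.0/24")         # stands in for the university network
TRUSTED = [ipaddress.ip_network("198.51.100.16/28")]  # outside hosts allowed to reach 135-139
PUBLIC_TCP = {22, 80, 443}                            # SSH, HTTP, SSL (assumed standard ports)
NETBIOS = range(135, 140)                             # ports 135-139, TCP and UDP alike


def decide(iface, src, proto, dport):
    """Return 'accept' or 'drop' for one inbound packet; the first matching rule wins."""
    addr = ipaddress.ip_address(src)
    if iface == "int":
        return "accept"                  # traffic inside the university is left open
    if addr in CAMPUS:
        return "drop"                    # campus source on the external interface is forged
    if dport in NETBIOS:
        trusted = any(addr in net for net in TRUSTED)
        return "accept" if trusted else "drop"
    if proto == "tcp" and dport in PUBLIC_TCP:
        return "accept"                  # the few services published to the outside
    return "drop"                        # default deny


def tally_drops(packets):
    """Count drops on 135-139 per protocol, like the firewall counters quoted in the thread."""
    drops = Counter()
    for iface, src, proto, dport in packets:
        if dport in NETBIOS and decide(iface, src, proto, dport) == "drop":
            drops[proto] += 1
    return drops


# Constructed sample traffic: (interface, source address, protocol, destination port)
SAMPLE = [
    ("ext", "203.0.113.7", "udp", 135),    # unsolicited popup traffic from outside
    ("ext", "203.0.113.7", "udp", 137),
    ("ext", "203.0.113.9", "tcp", 139),    # attempt to reach an open share
    ("ext", "198.51.100.20", "tcp", 139),  # trusted outside host
    ("ext", "192.0.2.50", "udp", 135),     # forged campus source address
    ("ext", "203.0.113.9", "tcp", 22),     # published service
    ("ext", "203.0.113.9", "tcp", 8080),   # unpublished port, hits default deny
    ("int", "192.0.2.50", "tcp", 139),     # internal file sharing
]

if __name__ == "__main__":
    for pkt in SAMPLE:
        print(pkt, "->", decide(*pkt))
    print(dict(tally_drops(SAMPLE)))
```

Running candidate rules against sample traffic like this before changing the real firewall shows which legitimate flows would break and confirms the forged-source case is covered.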