- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
IPSec VPN port 445
With the recent Ransomware should I specifically block port 445 on my IPSec policy or being a tunnel is it okay to leave as is?
Thanks
MJF
Solved! Go to Solution.
- Labels:
-
vpn
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
I dont think blocking SMB (tcp/445) inside a vpn tunnel is the right solution, because you need this for Windows network file access.
To protect your systems I would instead assign an IPS profile to the tunnel traffic. (both WCra and Petya will be matched by the signature "MS.SMB.Server.SMB1.Trans2.Secondary.Handling.Code.Execution")
Sincerely
Harald
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
I dont think blocking SMB (tcp/445) inside a vpn tunnel is the right solution, because you need this for Windows network file access.
To protect your systems I would instead assign an IPS profile to the tunnel traffic. (both WCra and Petya will be matched by the signature "MS.SMB.Server.SMB1.Trans2.Secondary.Handling.Code.Execution")
Sincerely
Harald