Firewall and new sasser worm
Kurt Wall
kwall
Mon May 17 12:01:57 PDT 2004
In a 1.1K blaze of typing glory, Joel Hammer wrote:
> According to what I read, the Sasser worm scans port
> 445 tcp. I run a firewall on my linux gateway box. It
> blocks almost all ports, including 445.
>
> So, my windows laptop sitting behind the firewall should
> be safe, right?
>
> Two questions:
>
> 1. Why would anybody allow port 445 to be exposed on
> the internet?
Because it is a Microsoft directory services port?
> 2. What does the Sasser worm look like in a firewall
> log? I can't find any hits in my log on ports 445 since
> April 26th. In fact, I have recorded no tcp hits in the
> 1:1023 range on my firewall in the last twelve hours.
No idea.
Kurt
--
Talk sense to a fool and he calls you foolish.
-- Euripides
More information about the Linux-users
mailing list