Topic Thread

Expand all | Collapse all

IPSec VPN port 445

  • 1.  IPSec VPN port 445

    Posted Jun 29, 2017 06:56 AM

    With the recent Ransomware should I specifically block port 445 on my IPSec policy or being a tunnel is it okay to leave as is?



  • 2.  RE: IPSec VPN port 445

    Posted Jul 03, 2017 10:30 PM



    I dont think blocking SMB (tcp/445) inside a vpn tunnel is the right solution, because you need this for Windows network file access.

    To protect your systems I would instead assign an IPS profile to the tunnel traffic. (both WCra and Petya will be matched by the signature "MS.SMB.Server.SMB1.Trans2.Secondary.Handling.Code.Execution")