Topic Thread

Expand all | Collapse all

IPSec VPN port 445

  • 1.  IPSec VPN port 445

    Posted 06-29-2017 06:56

    With the recent Ransomware should I specifically block port 445 on my IPSec policy or being a tunnel is it okay to leave as is?

    Thanks

    MJF



  • 2.  RE: IPSec VPN port 445

    Posted 07-03-2017 22:30

    Hello,

     

    I dont think blocking SMB (tcp/445) inside a vpn tunnel is the right solution, because you need this for Windows network file access.

    To protect your systems I would instead assign an IPS profile to the tunnel traffic. (both WCra and Petya will be matched by the signature "MS.SMB.Server.SMB1.Trans2.Secondary.Handling.Code.Execution")

     

    Sincerely

    Harald