Ok. I'm slapping myself upside the head right now. I realize that stieglmant wrote the first part and didn't mention any ports. Russell wrote the second part where ports 135 and 444 are mentioned which are correct since CSX did get hit by the MSBlaster worm.
That still doesn't forgive the numerous posters here who spoke of the nuclear facility in relation to the Blaster worm not the Slammer worm.
That backdoor is only up long enough for the worm to download the msblast.exe file, which is a very short time. By blocking ports 135 and 445 you prevent your computer from even being infected.
It's better to prevent the infection than fix the symptoms.
Did "michael" who posted this news story even read the article he linked to? Did anyone who posted in response to read them?
I think not. In his post he says that
according to an article at SecurityFocus, and another article at The Register, 'The Slammer worm penetrated a private computer network at Ohio's Davis-Besse nuclear power plant in January
That's the SLAMMER SQL WORM in JANUARY
Not the MSBlaster worm that's been going around for the last week or so.
Blocking ports 135 or 139 or 445 would not affect the Slammer worm since it uses
the 1433 MS SQL port.
Slashdot Mirror
Ok. I'm slapping myself upside the head right now. I realize that stieglmant wrote the first part and didn't mention any ports. Russell wrote the second part where ports 135 and 444 are mentioned which are correct since CSX did get hit by the MSBlaster worm.
That still doesn't forgive the numerous posters here who spoke of the nuclear facility in relation to the Blaster worm not the Slammer worm.
Actually there is a very easy way to lock that port.
Start->Settings->Network Connections->Local Area Connection->Properties->TCP/IP Properties->Advanced->Options->TCP/IP Filtering
Then set it up how ever you want it
That backdoor is only up long enough for the worm to download the msblast.exe file, which is a very short time. By blocking ports 135 and 445 you prevent your computer from even being infected.
It's better to prevent the infection than fix the symptoms.
I think not. In his post he says that
That's the SLAMMER SQL WORM in JANUARY
Not the MSBlaster worm that's been going around for the last week or so. Blocking ports 135 or 139 or 445 would not affect the Slammer worm since it uses the 1433 MS SQL port.