Windows SMB Users at Risk: Block These Ports to Protect Yourself

Cast your mind back to May 2017. FBI Director James Comey was fired, terrorists struck an Ariana Grande concert in Manchester, and the world fell victim to the WannaCry ransomware attack.

WannaCry infected more than 230,000 computers across 150 countries. It brought the United Kingdom’s health service to a standstill, crashed cell phone networks in Spain, and caused long delays on Germany’s railways. In short, it was one of the worst cyber attacks the world had ever seen.

Now, three months later, you might think the flaws that allowed the attack to spread have been fixed. You’d be wrong — and you might still be vulnerable.

What Caused WannaCry?

Without getting too technical, WannaCry spread using EternalBlue. It’s an NSA-developed exploit of the Windows Server Message Block (SMB) protocol.

Microsoft responded by pushing out patches to millions of older computers, including to “officially unsupported” operating systems such as Windows XP. Theoretically, the updates closed the EternalBlue SMB flaw.

Sadly, it seems the patches didn’t work. At the annual DEF CON conference in late July, security researchers found yet another flaw. They claimed the flaw has existed for 20 years.

Called SMBLoris, it’s a remote denial-of-service attack. It can crash a computer or a server using no more than 20 lines of code.

And what was Microsoft’s response? The company said it would not patch the issue. It argued SMB should be blocked automatically by the firewall.

Technically, Microsoft is right. But you shouldn’t leave it to chance.

How to Protect Yourself

SMBLoris affects all forms of SMB. It means removing SMBv1 from your system is no longer sufficient. Instead, you need to block all incoming connections on ports 445 and 139.

You can block ports on your router, but there’s an easier way: use the Windows Firewall tool. Go to Control Panel > Windows Firewall > Advanced Settings, right-click on Inbound Rules, and select New Rule.


On the next screen select Port and then Next. Now you need to choose Specific Local Ports. Enter 445, 139 in the box. Again, click Next.


Finally, choose Block the Connection, give your new rule a name, and hit Finish.
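The same rule can be created and checked from an elevated PowerShell prompt. This is an added example, not part of the original article; the rule name is an assumption, and TCP with all profiles selected matches the wizard's defaults.

```powershell
# Added example: scripted equivalent of the New Inbound Rule wizard steps above.
# Requires an elevated prompt and the NetSecurity module (Windows 8 / Server 2012+).
$ruleName = 'Block inbound SMB (TCP 139, 445)'   # assumed name, choose your own
$ports    = @('139', '445')

# Create the rule only if it is not already there, so the script is safe to re-run.
$rule = Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue
if (-not $rule) {
    $rule = New-NetFirewallRule -DisplayName $ruleName `
        -Direction Inbound -Protocol TCP -LocalPort $ports `
        -Action Block -Profile Any -Enabled True
}

# Verify the rule is enabled, blocks, and covers both ports.
$filter  = $rule | Get-NetFirewallPortFilter
$missing = $ports | Where-Object { $filter.LocalPort -notcontains $_ }
if ($rule.Enabled -ne 'True' -or $rule.Action -ne 'Block' -or $missing) {
    Write-Warning "Rule '$ruleName' is not blocking: $($missing -join ', ')"
} else {
    Write-Output "Rule '$ruleName' blocks inbound TCP $($ports -join ', ')."
}

# A block rule does nothing on a profile where the firewall itself is off.
$off = Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' }
foreach ($p in $off) {
    Write-Warning "Windows Firewall is disabled for the $($p.Name) profile."
}

# Show whether this machine is listening on the SMB ports at all.
Get-NetTCPConnection -State Listen -LocalPort 139, 445 -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess
```

A block rule takes precedence over the built-in "File and Printer Sharing" allow rules, so other PCs on the LAN will no longer reach shares on this machine; remove it again with `Remove-NetFirewallRule -DisplayName` and the same name.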


Were you a victim of WannaCry? Will you disable SMBv1? Let us know in the comments below.


  1. Doc
    August 17, 2017 at 8:49 pm

    No way I'm blocking SMB on my LAN...my PCs need to be able to talk to each other. Is there a simple way to block incoming SMB ports on my router (ASUS RT-AC56U)?

    • magrat
      August 18, 2017 at 6:10 pm

      Bump!