You just heard of a new ransomware attack that has been rapidly spreading across the internet that takes advantage of a vulnerability in the Windows SMB protocol. To protect your network until Microsoft releases a security update, you want to block the port for SMB at your firewall to prevent becoming a victim of this attack. Which of the following ports should you add to your blocklist?
a) 514
b) 143
c) 123
d) 445
Answer : 445
Overall Explanation :
Server Message Block (SMB) uses ports 139 and 445, and is a network file sharing protocol that runs on top of the NetBIOS architecture in Windows environments. When the WannaCry ransomware was spreading rapidly across the internet, you could help protect your organization’s network by blocking ports 139 and 445 at your firewall to prevent your machines from getting infected over the internet. Network Time Protocol (NTP) uses port 123 and is a networking protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks. Internet Message Access Protocol (IMAP) uses port 143 and is an Internet standard protocol used by email clients to retrieve email messages from a mail server over a TCP/IP connection. System Logging Protocol (Syslog) uses port 514 and is a way network devices can use a standard message format to communicate with a logging server. It was designed specifically to make it easy to monitor network devices. Devices can use a Syslog agent to send out notification messages under a wide range of specific conditions.
Networking
