|
!
--- block ICMP
access-list
115 deny icmp any any echo
! --- block
TFTP
access-list 115 deny udp any any eq 69
! --- block W32.Blaster related protocols
access-list 115 deny tcp any any eq 135
access-list 115 deny udp any any eq 135
! --- block other vulnerable MS protocols
access-list 115 deny udp any any eq 137
access-list 115 deny udp any any eq 138
access-list 115 deny tcp any any eq 139
access-list 115 deny udp any any eq 139
access-list 115 deny tcp any any eq 445
access-list 115 deny tcp any any eq 593
! --- block remote access due to W32.Blaster
access-list 115 deny tcp any any eq 4444
! --- Allow all other traffic -- insert
! --- other existing access-list entries here
access-list 115 permit ip any any
interface <interface>
ip access-group 115 in
ip access-group 115 out
|