The recommendation now is to block TCP to all those ports, plus 16995.
The ipfw rule I'm using is
deny ip from any to any in dst-port 623,664,16992,16993,16994,16995
and I've seen over 1500 connection attempts in a 10-second snapshot just now.
As I understand it, since the vulnerability exists in the machine's
management firmware, a host-based firewall is ineffective; the block has
to be in the router serving the particular subnet.
- Brian
On Fri, May 12, 2017 at 09:31:33AM +0200, Rob Janssen wrote:
Thanks for the hint. It is surprisingly difficult to get technical information
from the Intel documents. Do you block TCP only or also UDP? And what about
ports 16993 and 16994? (and maybe even 623 and 664?)
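One defender-side way to put numbers on the kind of snapshot Brian describes: tally denied TCP attempts against the six AMT ports in fixed 10-second windows from ipfw log lines. This is an added example, not code from the thread; the ipfw syslog line shape in `LOG_RE`, the helper names, and the sample log lines are all assumptions constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Intel AMT / management ports named in the thread.
AMT_PORTS = {623, 664, 16992, 16993, 16994, 16995}

# Assumed ipfw syslog line shape (check it against your own logs):
#   <Mon DD HH:MM:SS> <host> kernel: ipfw: <rule> Deny TCP <src>:<sp> <dst>:<dp> in via <if>
LOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: ipfw: \d+ Deny "
    r"(?P<proto>TCP|UDP) (?P<src>[\d.]+):\d+ (?P<dst>[\d.]+):(?P<dport>\d+) in via"
)
EPOCH = datetime(1970, 1, 1)  # naive reference so bucketing is timezone-independent

# Constructed sample lines (not real traffic).
SAMPLE_LOG = """\
May 12 10:15:01 gw kernel: ipfw: 100 Deny TCP 192.0.2.10:44123 198.51.100.7:16992 in via em0
May 12 10:15:03 gw kernel: ipfw: 100 Deny TCP 192.0.2.11:51002 198.51.100.7:623 in via em0
May 12 10:15:07 gw kernel: ipfw: 100 Deny TCP 192.0.2.12:39911 198.51.100.7:16995 in via em0
May 12 10:15:09 gw kernel: ipfw: 200 Deny UDP 192.0.2.13:5353 198.51.100.7:623 in via em0
May 12 10:15:12 gw kernel: ipfw: 100 Deny TCP 192.0.2.14:40001 198.51.100.7:16993 in via em0
May 12 10:15:20 gw kernel: ipfw: 300 Deny TCP 192.0.2.15:40002 198.51.100.7:22 in via em0
""".splitlines()

def parse_denies(lines, year=2017):
    """Yield (timestamp, proto, src, dport) for each line matching LOG_RE."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unrelated log line or a different rule action
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield ts, m["proto"], m["src"], int(m["dport"])

def amt_attempts_per_window(lines, window_s=10):
    """Count TCP attempts against AMT ports, bucketed into fixed windows.

    Returns (per_window, per_port): per_window maps a window start (seconds
    since EPOCH) to a hit count; per_port tallies destination ports hit.
    UDP and non-AMT ports are deliberately left out of both tallies.
    """
    per_window, per_port = Counter(), Counter()
    for ts, proto, _src, dport in parse_denies(lines):
        if proto != "TCP" or dport not in AMT_PORTS:
            continue
        bucket = int((ts - EPOCH).total_seconds()) // window_s * window_s
        per_window[bucket] += 1
        per_port[dport] += 1
    return per_window, per_port

def peak_window(per_window):
    """Return (window_start, count) for the busiest window, or (None, 0)."""
    if not per_window:
        return None, 0
    return per_window.most_common(1)[0]
```

Run it against real ipfw logs (with the rule-number and action fields adjusted to your ruleset) to see whether the rate on the AMT ports stands out from background noise on other ports.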