The recommendation now is to block TCP to all those ports, plus 16995.
The ipfw rule I'm using is deny ip from any to any in dst-port 623,664,16992,16993,16994,16995 and I've seen over 1500 connection attempts in a 10-second snapshot just now.
As I understand it, since the vulnerability exists in the machine's management firmware, a host-based firewall is ineffective; the block has to be in the router serving the particular subnet. - Brian
On Fri, May 12, 2017 at 09:31:33AM +0200, Rob Janssen wrote:
Thanks for the hint. It is surprisingly difficult to get technical information from the Intel documents. Do you block TCP only or also UDP? And what about ports 16993 and 16994? (and maybe even 623 and 664?)
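As an added example that is not part of this thread, a small Python script that reads ipfw deny log lines for the AMT ports named above (623, 664, 16992-16995), counts blocked attempts per port and per source, and reports the peak number of attempts in any 10-second window, which is the kind of snapshot Brian describes. The log lines, host name and addresses are constructed samples, and the script assumes the rule is written with `deny log` so that ipfw emits a syslog line per blocked packet.

```python
import re
from collections import Counter
from datetime import datetime

# Ports used by Intel AMT/ISM management, as listed in the thread.
AMT_PORTS = {623, 664, 16992, 16993, 16994, 16995}

# Constructed sample ipfw log lines (FreeBSD syslog layout); hosts and addresses are made up.
SAMPLE_LOG = """\
May 12 09:31:33 gw kernel: ipfw: 100 Deny TCP 203.0.113.5:40001 192.0.2.10:16992 in via em0
May 12 09:31:34 gw kernel: ipfw: 100 Deny TCP 203.0.113.5:40002 192.0.2.10:16993 in via em0
May 12 09:31:35 gw kernel: ipfw: 100 Deny TCP 198.51.100.7:51000 192.0.2.11:623 in via em0
May 12 09:31:36 gw kernel: ipfw: 100 Deny UDP 198.51.100.7:51001 192.0.2.11:623 in via em0
May 12 09:31:50 gw kernel: ipfw: 100 Deny TCP 203.0.113.5:40003 192.0.2.10:16995 in via em0
May 12 09:31:51 gw kernel: ipfw: 200 Deny TCP 203.0.113.9:40004 192.0.2.10:443 in via em0
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ kernel: ipfw: (?P<rule>\d+) Deny "
    r"(?P<proto>TCP|UDP) (?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"in via (?P<iface>\S+)$"
)

def parse_amt_denies(log_text, year=2017):
    """Return (timestamp, proto, src, dport) for each denied packet aimed at an AMT port."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                      # not an ipfw deny line
        dport = int(m.group("dport"))
        if dport not in AMT_PORTS:
            continue                      # blocked for some other reason, ignore
        # syslog lines carry no year, so the caller supplies one
        ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        hits.append((ts, m.group("proto"), m.group("src"), dport))
    return hits

def summarize(hits, window_seconds=10):
    """Counts per port and per source, plus the peak count in any sliding time window."""
    per_port = Counter(h[3] for h in hits)
    per_src = Counter(h[2] for h in hits)
    times = sorted(h[0] for h in hits)
    peak, start = 0, 0
    for end in range(len(times)):         # two-pointer sliding window over sorted timestamps
        while (times[end] - times[start]).total_seconds() > window_seconds:
            start += 1
        peak = max(peak, end - start + 1)
    return {"per_port": per_port, "per_src": per_src, "peak_in_window": peak}

if __name__ == "__main__":
    s = summarize(parse_amt_denies(SAMPLE_LOG))
    for port, n in sorted(s["per_port"].items()):
        print(f"port {port}: {n} blocked")
    print(f"peak in any 10 s window: {s['peak_in_window']}")
```

On a real gateway, feed it `/var/log/security` (or wherever ipfw log lines land) instead of the embedded sample.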