Blocking WannaCry – Defense Solution for Huawei CE Series Switches

Latest reply: Mar 21, 2019 04:29:32

Guide to Defense Configuration on CE Series Switches

 

Product Family: Enterprise network products
Product Model: Data center network switch
Released On: 2017-05-14
Updated On: 2019-03-11
Versions Involved: All versions
Severity: Major


Note: Before the configuration, ensure that no service is using ports 135, 137, 139, 445, and 3389. Otherwise, the services are affected.

1. Configure an advanced ACL that is not in use on the device to match the destination ports to be protected. For example:

acl 3000
 rule 5 permit tcp destination-port eq 135
 rule 10 permit udp destination-port eq 135
 rule 15 permit tcp destination-port eq 137
 rule 20 permit udp destination-port eq 137
 rule 25 permit tcp destination-port eq 139
 rule 30 permit udp destination-port eq 139
 rule 35 permit tcp destination-port eq 445
 rule 40 permit udp destination-port eq 445
 rule 45 permit tcp destination-port eq 3389
 rule 50 permit udp destination-port eq 3389

2. Configure a traffic classifier to match the ACL.
traffic classifier test
 if-match acl 3000

3. Configure the traffic behavior to discard packets.
traffic behavior test
 deny

4. Configure a traffic policy.
traffic policy test
 classifier test behavior test

5. Apply the policy to the global inbound direction.
traffic-policy test global inbound

6. Commit the configuration.
commit

Note: Apply the policy to the inbound direction of the device. The outbound policy of the CE12800 that matches the IP addresses of traffic takes effect only on forwarded Layer 3 traffic.
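A check that can be run over a pasted configuration to confirm that the chain built in steps 1 to 5 is complete: every protocol/port pair is in the ACL, the classifier matches the ACL, the behavior denies, the policy binds the two, and the policy is applied globally inbound. This is an added example, not part of the original post or of any Huawei tool; `parse`, `audit` and `SAMPLE` are names made up here, and it assumes ports are written numerically as in the post, with the ACL numbered 3000 and the classifier, behavior and policy all named test.

```python
import re

# Protocol/port pairs from the post's note and ACL 3000.
REQUIRED = {(p, n) for n in (135, 137, 139, 445, 3389) for p in ("tcp", "udp")}
RULE = re.compile(r"rule \d+ permit (tcp|udp) destination-port eq (\d+)$")

def parse(config):
    """Group indented lines under the preceding unindented command line."""
    views, head = {}, None
    for raw in config.splitlines():
        line = " ".join(raw.lower().split())  # fold case and repeated spaces
        if not line or line == "#":
            continue
        if raw[0].isspace() and head:
            views[head].append(line)
        else:
            head = line
            views.setdefault(head, [])
    return views

def audit(config, acl="3000", name="test"):
    """List the gaps in the ACL -> classifier -> behavior -> policy -> global chain."""
    views = parse(config)
    def body(*prefixes):
        hits = [v for h, v in views.items()
                if any(h == p or h.startswith(p + " ") for p in prefixes)]
        return hits[0] if hits else None
    rules = body(f"acl {acl}", f"acl number {acl}") or []
    covered = {(m[1], int(m[2])) for m in map(RULE.match, rules) if m}
    gaps = [f"acl {acl} lacks {p}/{n}" for p, n in sorted(REQUIRED - covered)]
    if f"if-match acl {acl}" not in (body(f"traffic classifier {name}") or []):
        gaps.append("classifier does not match the acl")
    if "deny" not in (body(f"traffic behavior {name}") or []):
        gaps.append("behavior does not deny")
    bind = f"classifier {name} behavior {name}"
    if not any(l.startswith(bind) for l in body(f"traffic policy {name}") or []):
        gaps.append("policy does not bind classifier to behavior")
    if body(f"traffic-policy {name} global inbound") is None:
        gaps.append("policy is not applied global inbound")
    return gaps

# Constructed sample: steps 1-4 as posted, minus the udp/3389 rule and step 5.
SAMPLE = "acl 3000\n" + "".join(
    f" rule {5 * i} permit {p} destination-port eq {n}\n"
    for i, (p, n) in enumerate(sorted(REQUIRED - {("udp", 3389)}), 1)
) + ("traffic classifier test\n if-match acl 3000\ntraffic behavior test\n deny\n"
     "traffic policy test\n classifier test behavior test\n")
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "all checks passed")
```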

 

 



zorro.zeng
Admin Created Mar 21, 2019 04:29:32

good