Got it
Huawei Enterprise Support Community
Community Forums WLAN
Internet connectivity bec...

Internet connectivity because of WannaCry attack

Latest reply: Dec 20, 2021 13:59:18 729 7 11 0 1
View the author 1#

[Problem Description]

               Traffic instability; traffic only for seconds after resetting the nat session

[Problem Analysis]

                Topology is very simple: FAT AP doing nat and connected directly to the service provider with public IP

                Check NAT session all

                Traffic succeeded just after reset the nat session and then failed

               when display nat session all

                Noticed that a lot of sessions created in no time to destination port 445 139; which is known for the WannaCry attack

[solution description]

               NAT does not allow the port 445 and 139 as below

              ACL 3000

              rule 10 deny tcp destination-port 139

             rule 20 deny tcp destination-port 445

             rule 30 permit


             int g0/0/1

             NAT outbound acl 3000

Like (11) Dislike (0) Favorite(1) Share Report
Previous: Configuring Built-in Portal local Authentication
Next: After enable MAC address-prioritized Portal authentication, some user cannot reconnect after lock and unlock screen.
(0) (0)
2#
yjhd
Created Dec 26, 2018 02:59:21

useful
View more
  • x
  • convention:
(0) (0)
3#
No.9527
Created Dec 26, 2018 03:08:14

AP6050DN ----Indoor medium- to high-density multi-service APs that support dual-5G or provide 5GE uplink ports, applicable to high-density and high-concurrency scenarios.
View more
  • x
  • convention:
(0) (0)
4#
GongXiaochuan
Created Dec 26, 2018 08:02:14

WannaCry is one of the Vulnerabilities, we need to block the port which related to this ,

rule 10 deny tcp destination-port 139
rule 20 deny tcp destination-port 445
View more
  • x
  • convention:
(0) (0)
5#
Finn92
Created Dec 29, 2018 01:57:07

NAT does not allow the port 445 and 139 as below
ACL 3000
rule 10 deny tcp destination-port 139
rule 20 deny tcp destination-port 445
rule 30 permit
hi author , could you share more WannaCry attack
View more
  • x
  • convention:
(0) (0)
6#
SupperRobin
Created Dec 29, 2018 03:38:45

NAT does not allow the port 445 and 139 as below

ACL 3000

rule 10 deny tcp destination-port 139

rule 20 deny tcp destination-port 445

rule 30 permit
View more
  • x
  • convention:
(0) (0)
7#
littlestone
Created Dec 29, 2018 12:19:13

WannaCry (also known as Wanna Decryptor), a "worm-like" blackmail virus software, 3.3MB in size, is exploited by criminals using the dangerous vulnerability "Eternal Blue" leaked by NSA (N*** Agency).
View more
  • x
  • convention:
(0) (0)
8#
Caroline_Herrera
Moderator Created Dec 20, 2021 13:59:18

Good solution desc on traffic instability because of WannaCry attack
View more
  • x
  • convention:
Back to list

Comment

Advanced
B Color Image Link Quote Code Smilies
You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " User Agreement."

My Followers

Login and enjoy all the member benefits

Login
Huawei Website Support About Huawei Privacy User Agreement Terms of Use Cookies Cookie Settings
Huawei Enterprise Huawei Carrier Forum Training & Certification

Contact Us: e_online@huawei.com Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.

APP

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.