Hi
Tobias Goeller schrieb:
I have a current malicious traffic of about 100KBit/s coming from some chinese ISPs... most time they try to accesss ports 138/139 and 445.
That's incomming traffic, I guess. Blocking that is a good idea.
Blocking outgoing smb is not entirely pointless too since it stops scans for open shares at the source. I agree with you that it's better to use CIFS in a tunnel since it's everything else but secure.
Regards Peter