[wplug] Sasser Worm -- protection

[Brandon Kuczenski]

Inside my router/firewall (Redhat 9) I am running a windows machine.  If I 
am concerned about protecting it from possibly infected computers that are 
brought INSIDE the firewall (like friends' laptops), is it sufficient for 
me to add an iptables rule in the FORWARD chain which DROPs packets sent 
to ports 5554, 9996, and 445? 
(ref: 
http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.b.worm.html
)

-Brandon