#81
I have extremely strict firewall rules that disable NetBIOS and SMB completely, I absolutely agree. I don't use those protocols and it's not necessary.
f14tomcat, I legitimately thought you were trying to be a smarty pants and prove me wrong otherwise, and I mistook it for not being a genuine advice-based question.
You dismiss Petya's attack vector too simply.
If there is an admin with admin$ shares enabled, connected to other clients or hosts OR SMB v1 enabled AND/OR NetBIOS enabled, Petya will have a feast on the network and scan for lateral infection. Anyone with a share is a possible target for a PSEXEC remote file execution infecting the system (target user needs administrative privileges). Windows Management Instrumentation command-line is also a method used to propagate itself on the local network if PSEXEC fails.
Petya utilizes ports 137, 138, 139 and 445 being outbound and inbound on another local, outbound connections must be blocked or restricted by application demand.
Then you have nothing to worry about, regardless of having a router with basic set up.
Shares will be accessed, so it is a pertinent threat to home users once infected.
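
Added example, not part of the post above: a small detector for the local-network scanning the post describes, flagging any source that contacts many distinct private addresses on ports 137, 138, 139 or 445 within a short window. The log format, the sample lines, the threshold, the window and the names `find_fanout`, `parse` and `SAMPLE_LOG` are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Ports named in the post: NetBIOS name, datagram, session, and SMB.
WATCHED_PORTS = {137, 138, 139, 445}

# Constructed sample log (assumed format: "ISO-time src dst dport proto").
# 192.168.1.20 is a normal client; 192.168.1.50 sweeps six hosts on 445.
SAMPLE_LOG = "\n".join(
    ["2024-01-01T10:00:00 192.168.1.20 192.168.1.10 445 tcp",
     "2024-01-01T10:00:30 192.168.1.20 192.168.1.11 139 tcp",
     "2024-01-01T10:00:40 192.168.1.20 93.184.216.34 443 tcp"]
    + [f"2024-01-01T10:01:{i:02d} 192.168.1.50 192.168.1.{i} 445 tcp"
       for i in range(1, 7)]
)

def parse(line):
    """Split one log line into (timestamp, src, dst, dport)."""
    ts, src, dst, dport, _proto = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport)

def find_fanout(log_text, min_hosts=5, window=timedelta(seconds=60)):
    """Return {src: peak count of distinct private destinations reached on
    WATCHED_PORTS inside any sliding window} for sources >= min_hosts."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport = parse(line)
        # Only local (RFC 1918 etc.) targets on the watched ports count.
        if dport in WATCHED_PORTS and ipaddress.ip_address(dst).is_private:
            events[src].append((ts, dst))
    flagged = {}
    for src, hits in events.items():
        hits.sort()
        start, best = 0, 0
        for end in range(len(hits)):
            # Shrink the window from the left until it spans <= `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            best = max(best, len({dst for _, dst in hits[start:end + 1]}))
        if best >= min_hosts:
            flagged[src] = best
    return flagged

if __name__ == "__main__":
    for src, count in find_fanout(SAMPLE_LOG).items():
        print(f"{src} contacted {count} local hosts on NetBIOS/SMB ports")
```
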