[rescue] firewalling windoze crap

Curtis H. Wilbar Jr. rescue at hawkmountain.net
Sat Aug 16 16:49:55 CDT 2003


My "default" firewalling method is to use a stateful firewall and
only allow responses to come back in.  Then as I need to depending on
the application I open up ports from the outside world.... that is
more secure than blocking this, blocking that, etc... as most people
need very little to come through (as a connection initiator.. and
at least from a home user perspective).

-- Curt

>Date: Sat, 16 Aug 2003 16:02:55 -0400
>From: Phil Stracchino <alaric at caerllewys.net>
>To: rescue at sunhelp.org
>Subject: Re: [rescue] firewalling windoze crap
>
>On Sat, Aug 16, 2003 at 03:31:02PM -0400, Dave McGuire wrote:
>>   Hey folks.  I have a neighbor connecting through my network.  He's 
>> running Windoze.
>> 
>>   What ports do I need to block on my firewall to protect him from this 
>> latest bullshit?  And what ports in general should I block to help 
>> protect his machine?
>
>W32/Blaster (aka DCOM-RPC) attacks via port 135.  I also block 7-19,
>37-43, 57-77, 111, 137-139, 161-191, 199-442, 444-515, 520-1023,
>1433-1434, 4444, and 32770-32779.  Of these, the key ones for protecting
>Windows boxen are 137-139, 444-515, 1433-1434, 4444, and 32770-32779
>iirc.
>
>
>-- 
> .*********  Fight Back!  It may not be just YOUR life at risk.  *********.
> : phil stracchino : unix ronin : renaissance man : mystic zen biker geek :
> :  alaric at caerllewys.net : alaric-ruthven at earthlink.net : phil at latt.net  :
> :   2000 CBR929RR, 1991 VFR750F3 (foully murdered), 1986 VF500F (sold)   :
> :    Linux Now!   ...Because friends don't let friends use Microsoft.    :


Curtis Wilbar
Hawk Mountain Networks
rescue at hawkmountain.net
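
Added example (not part of either message in this thread): a toy Python model contrasting the port blocklist quoted above with a default-deny stateful policy that only admits replies to tracked outbound flows plus ports opened on purpose. The addresses, the opened port 22 and the probe to port 3389 are constructed sample data, and the model matches replies on the 5-tuple only, with no TCP state machine or timeouts.

```python
# Added illustration: toy model of the two policies discussed in this thread.
# All addresses and packets below are constructed sample data.

# Port ranges quoted in the reply (135 plus the listed ranges).
BLOCKED = [(7, 19), (37, 43), (57, 77), (111, 111), (135, 135), (137, 139),
           (161, 191), (199, 442), (444, 515), (520, 1023), (1433, 1434),
           (4444, 4444), (32770, 32779)]


def blocklist_allows(dst_port):
    """Blocklist policy: inbound passes unless the destination port is listed."""
    return not any(lo <= dst_port <= hi for lo, hi in BLOCKED)


class StatefulFirewall:
    """Default-deny inbound; replies to tracked outbound flows are allowed."""

    def __init__(self, open_ports=()):
        self.open_ports = set(open_ports)  # ports deliberately opened
        self.flows = set()  # (proto, inside_ip, inside_port, remote_ip, remote_port)

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        # Inside hosts may initiate; remember the flow so replies match.
        self.flows.add((proto, src_ip, src_port, dst_ip, dst_port))
        return True

    def inbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        # A reply carries the tuple of a tracked flow with endpoints swapped.
        if (proto, dst_ip, dst_port, src_ip, src_port) in self.flows:
            return True
        return dst_port in self.open_ports  # otherwise only opened ports


def demo():
    fw = StatefulFirewall(open_ports={22})
    inside, web, stranger = "192.168.1.10", "198.51.100.7", "203.0.113.99"
    fw.outbound("tcp", inside, 40000, web, 80)
    return {
        "reply_to_outbound": fw.inbound("tcp", web, 80, inside, 40000),
        "unsolicited_135": fw.inbound("tcp", stranger, 5555, inside, 135),
        "unsolicited_3389": fw.inbound("tcp", stranger, 5555, inside, 3389),
        "opened_22": fw.inbound("tcp", stranger, 5555, inside, 22),
        "blocklist_135": blocklist_allows(135),
        "blocklist_3389": blocklist_allows(3389),
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:20} {'ALLOW' if allowed else 'DROP'}")
```

The blocklist stops the probe to 135 but passes the one to 3389 because that port is not on the list, while the stateful policy drops both and still lets the web reply through.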
