[rescue] firewalling windoze crap

Phil Schilling phils at gcstech.net
Mon Aug 11 06:23:43 CDT 2003


On Sat, 16 Aug 2003 19:58:42 -0500
"Jonathan C. Patschke" <jp at celestrion.net> wrote:

> On Sat, 16 Aug 2003, Dave McGuire wrote:
> 
> >    What ports do I need to block on my firewall to protect him from
> > this latest bullshit?  And what ports in general should I block to
> > help protect his machine?
> 
> UDP and TCP ports 135 - 139 (RPC, DCOM, NetBIOS).
> UDP and TCP port 445 (SMB)
> UDP and TCP port 522 (User-location protocol)
> UDP port 3389 (Remote Desktop)
> TCP ports 5800 - 5999 (WinVNC)
> 
> That's a good start, anyway.  I feel like I'm leaving something out.
> 
If Dave is running NetBSD with IPFilter as I suspect, and
IPFILTER_DEFAULT_BLOCK is in the compiled kernel and you are only
allowing the standard outgoing connections, http, httpd, smtp, pop3, etc.,
you should be safe.  I have 40+ NetBSD firewalls out there running such
a setup, most in front of WinBloze networks and did not have a single
compromised machine.  When I set up my firewalls the only incoming ports
are from my machines to port 22 and any few ports that they may need
specifically.


Phil
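
The default-block setup described above, sketched as an IPFilter ruleset.
This is an added example, not part of the original post or Phil's actual
configuration. The interface name (ex0), the admin address (192.0.2.10),
and the inclusion of DNS and HTTPS among the outgoing services are
assumptions.

```conf
# /etc/ipf.conf -- constructed example
# Assumptions: ex0 is the external interface, 192.0.2.10 is the one
# admin host allowed to reach SSH on the firewall.

# Explicit default deny in both directions. A kernel built with
# IPFILTER_DEFAULT_BLOCK already drops unmatched packets; stating it
# here keeps the policy visible in the ruleset itself.
block in  on ex0 all
block out on ex0 all

# Ports from the list quoted in the thread. Default deny already
# covers them; these rules exist so that probes get logged.
# "134 >< 140" is IPFilter's exclusive range, i.e. ports 135-139.
block in log quick on ex0 proto tcp/udp from any to any port 134 >< 140
block in log quick on ex0 proto tcp/udp from any to any port = 445
block in log quick on ex0 proto tcp/udp from any to any port = 522
# The thread lists UDP 3389; Remote Desktop also listens on TCP 3389,
# so both protocols are logged here.
block in log quick on ex0 proto tcp/udp from any to any port = 3389
# 5800-5999 (WinVNC)
block in log quick on ex0 proto tcp from any to any port 5799 >< 6000

# Standard outgoing client connections, tracked statefully so that
# only replies to connections opened from inside are let back in.
pass out quick on ex0 proto tcp from any to any port = 80  flags S keep state
pass out quick on ex0 proto tcp from any to any port = 443 flags S keep state
pass out quick on ex0 proto tcp from any to any port = 25  flags S keep state
pass out quick on ex0 proto tcp from any to any port = 110 flags S keep state
pass out quick on ex0 proto udp from any to any port = 53  keep state

# The only unsolicited incoming traffic: SSH from the admin host.
pass in quick on ex0 proto tcp from 192.0.2.10/32 to any port = 22 flags S keep state
```

Because "block out" is the default as well, a Windows machine behind the
firewall cannot open connections to ports 135-139 or 445 on outside
hosts either.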


