[rescue] firewalling windoze crap
Daniel de Young
daniel at velvetsea.com
Sat Aug 16 20:15:42 CDT 2003
On Sat, 2003-08-16 at 12:31, Dave McGuire wrote:
> Hey folks. I have a neighbor connecting through my network. He's
> running Windoze.
>
> What ports do I need to block on my firewall to protect him from this
> latest bullshit? And what ports in general should I block to help
> protect his machine?
Of course block inbound *everything* that isn't state to his box.
Also, if he's a light user, block all outgoing traffic from his box
except 21,53,80,443,etc.
If you don't want too do that at least block certain outgoing traffic
like:
tftp (helps prevent this latest worm's spread)
rcf1913 addys
31337,54321 (check here: http://www.doshelp.com/trojanports.htm)
crafted packets (e.g. syn/ack wo state, xmas, etc)
Bottom line, you're liable for his crufty windurs box when it start
attacking others because he decided to check out some hostile porn site
or the latest bud frog commercial.
Block everything you can! :-)
Also, tell him that if he's going to use your connection, personal
firewall and anti-virus is a must because of the liability.
-Daniel
More information about the rescue
mailing list