[rescue] firewalling windoze crap

James Birdsall jwbirdsa at hotmail.com
Sat Aug 16 14:50:44 CDT 2003

For all of my boxen, I've always blocked ports 1024 and below completely for
both TCP and UDP, and only allowed packets from established connections to
higher TCP ports. Higher UDP ports I left open, and I opened a few
otherwise-restricted ports for servers (e.g. Shoutcast, for Windows). To
date, none of *my* Windows boxes have ever been infected with anything,
whereas a colocated Windows box on another of my subnets which I didn't
filter (I specifically told them that it was up to them to secure their box)
had a half-life of about a day before getting something.

--James B.

More information about the rescue mailing list