[rescue] firewalling windoze crap
phils at gcstech.net
Mon Aug 11 06:23:43 CDT 2003
On Sat, 16 Aug 2003 19:58:42 -0500
"Jonathan C. Patschke" <jp at celestrion.net> wrote:
> On Sat, 16 Aug 2003, Dave McGuire wrote:
> > What ports do I need to block on my firewall to protect him from
> > this
> > latest bullshit? And what ports in general should I block to help
> > protect his machine?
> UDP and TCP ports 135 - 139 (RPC, DCOM, NetBIOS).
> UDP and TCP port 445 (SMB)
> UDP and TCP port 522 (User-location protocol)
> UDP port 3389 (Remote Desktop)
> TCP ports 5800 - 5999 (WinVNC)
> That's a good start, anyway. I feel like I'm leaving something out.
If Dave is running NetBSD with IPFilter as I suspect, and
IPFILTER_DEFAULT_BLOCK is in the compiled kernel and you are only
allowing the standard outgoing connections, http, httpd, smtp, pop3, etc
you should be safe. I have 40+ NetBSD firewalls out there running such
a setup, most in front of WinBloze networks and did not have a single
compromised machine. When I set up my firewalls the only incoming ports
are from my machines to port 22 and any few ports that they may need
More information about the rescue