史萊姆論壇 - 查看單個文章

babayu · 2003-08-17, 02:01 AM

謝謝 psac
此次事件肇因於NT系統的漏洞漏洞還未補齊防火牆有其需要我使用的是最難用的 TINY FIREWALL PRO. 因不適合個人為介紹給大家就TINY FIREWALL PRO 使用心得規則與大家分享下列是原則個別需要在另外開PORT

RULE 1:

Description: Loopback
Protocol: TCP and UDP
Direction: Both
Local Port: Any
Local App.: Any
Remote Address Type: Single
Host address: 127.0.0.1
Port type: Any
Action PERMIT

= = = = = = = = = = = = = = = =
RULE 2:

Description: Block Inbound NetBIOS TCP UDP (Notify)
Protocol: TCP and UDP
Direction: Incoming
Port type: Port/Range
First Port: 137
Last Port: 139
Local App.: Any
Remote Address Type: Any
Port type: Any
Action DENY

= = = = = = = = = = = = = = = =
RULE 3:

Description: Block Outbound NetBIOS TCP UDP (Notify)
Protocol: TCP and UDP
Direction: Outgoing
Local Port: Any
Local App.: Any
Remote Address Type: Any
Port type: Port/Range
First Port: 137
Last Port: 139
Action DENY

= = = = = = = = = = = = = = = =
RULE 4:

Description: ISP Domain Name Server Any App UDP
Protocol: UDP
Direction: Both
Local Port: Any
Local App.: Any
Remote Address Type: Single
Host address: (Your ISP DNS) IP number
Port type: Single
Port number: 53
Action PERMIT

= = = = = = = = = = = = = = = =
RULE 5:

Description: Other DNS
Protocol: TCP and UDP
Direction: Both
Local Port: Any
Local App.: Any
Remote Address Type: Any
Port type: Single
Port number: 53
Action DENY

= = = = = = = = = = = = = = = =
RULE 6:

Description: Out Needed To Ping And TraceRoute Others
Protocol: ICMP
Direction: Outgoing
ICMP Type: Echo
Remote Endpoint: Any
Action PERMIT

= = = = = = = = = = = = = = = =
RULE 7:

Description: In Needed To Ping And TraceRoute Others
Protocol: ICMP
Direction: Incoming
ICMP Type: Echo Reply, Destination Unreachable, Time
Exceeded
Remote Endpoint: Any
Action PERMIT

= = = = = = = = = = = = = = = =
RULE 8:

Description: In Block Ping and TraceRoute ICMP
(Notify)
Protocol: ICMP
Direction: Incoming
ICMP Type: Echo
Remote Endpoint: Any
Action DENY

= = = = = = = = = = = = = = = =
RULE 9:

Description: Out Block Ping and TraceRoute ICMP
(Notify)
Protocol: ICMP
Direction: Outgoing
ICMP Type: Echo Reply, Destination Unreachable, Time
Exceeded
Remote Endpoint: Any
Action DENY

= = = = = = = = = = = = = = = =
RULE 10:

Description: Block ICMP (Logged)
Protocol: ICMP
Direction: Both
ICMP Type: Echo Reply, Destination Unreachable, Source
Quench, Redirect,
Echo, Time Exceeded, Parameter Prob, Time Stamp, Time
StampReply, Info
Request, Info Reply, Address, Address Reply, Router
Advertisement, Router
Solicitation (ALL)
Remote Endpoint: Any
Action DENY

= = = = = = = = = = = = = = = =
RULE 11:

Description: Block Common Ports (Logged)
Protocol: TCP and UDP
Direction: Incoming
Port type: List of Ports
Local App.: Any
List of Ports:
113,79,21,80,443,8080,143,110,25,23,22,42,53,98
Remote Address Type: Any
Port type: Any
Action DENY

= = = = = = = = = = = = = = = =
RULE 12:

Description: Back Orifice Block (Logged)
Protocol: TCP and UDP
Direction: Incoming
Port type: List of Ports
Local App.: Any
List of Ports: 54320,54321,31337
Remote Address Type: Any
Port type: Any
Action DENY

= = = = = = = = = = = = = = = =
RULE 13:

Description: Netbus Block (Logged)
Protocol: TCP
Direction: Incoming
Port type: List of Ports
Local App.: Any
List of Ports: 12456,12345,12346,20034
Remote Address Type: Any
Port type: Any
Action DENY

= = = = = = = = = = = = = = = =
RULE 14:

Description: Bootpc (Logged)
Protocol: TCP and UDP
Direction: Incoming
Port type: Single port
Local App.: Any
Port number: 68
Remote Address Type: Any
Port type: Any
Action DENY

= = = = = = = = = = = = = = = =
RULE 15:

Description: RPCSS (Logged)
Protocol: UDP
Direction: Incoming
Port type: Single port
Local App.: Any
Port number: 135
Remote Address Type: Any
Port type: Any
Action DENY

= = = = = = = = = = = = = = = =
RULE 16:

Description: Block Low Trojan Ports TCP UDP (Notify)
Protocol: TCP and UDP
Direction: Both
Port type: Port/range
Local App.: Any
First port number: 1
Last port number: 79
Remote Address Type: Any
Port type: Any
Action DENY

= = = = = = = = = = = = = = = =
RULE 17:

Description: Block High Trojan Ports TCP UDP (Notify)
Protocol: TCP and UDP
Direction: Both
Port type: Port/range
Local App.: Any
First port number: 5000
Last port number: 65535
Remote Address Type: Any
Port type: Any
Action DENY

= = = = = = = = = = = = = = = =
RULE 18:

Description: Internet Explorer-Web browsing
Protocol: TCP
Direction: Outgoing
Port type: Any
Local App.: Only selected below => iexplore.exe
Remote Address Type: Any
Port type: Any
Action PERMIT

= = = = = = = = = = = = = = = =
RULE 19:

Description: Outlook Express
Protocol: TCP
Direction: Outgoing
Port type: Any
Local App.: Only selected below => msimn.exe
Remote Address Type: Any
Port type: List of ports
List of ports: 25,110,119,143
Action PERMIT

= = = = = = = = = = = = = = = =
RULE 20:

Description: ICQ Web Access Block
Protocol: TCP and UDP
Direction: Outgoing
Port type: Any
Local App.: Only selected below => icq.exe
Remote Address Type: Any
Port type: Single port
List of ports: 80
Action DENY

= = = = = = = = = = = = = = = =
RULE 21:

Description: ICQ Application
Protocol: TCP
Direction: Outgoing
Port type: Any
Local App.: Only selected below => icq.exe
Remote Address Type: Any
Port type: Single port
List of ports: 5190
Action PERMIT

= = = = = = = = = = = = = = = =
RULE 22:

Description: Block Outbound Unauthorized Apps TCP UDP
(Notify)
Protocol: TCP and UDP
Direction: Outgoing
Port type: Any
Local App.: Any
Remote Address Type: Any
Port type: Any
Action DENY

= = = = = = = = = = = = = = = =
RULE 23:

Description: Block Inbound Unknown Apps TCP UDP
(Notify)
Protocol: TCP and UDP
Port type: Any
Local App.: Any
Remote Address Type: Any
Port type: Any
Action DENY

If you are on a LAN you might need to allow NetBIOS to and from computers on
your LAN. You should insert two rules before rule 2 and 3:

RULE 2a:

Description: Trusted Inbound NetBIOS TCP UDP
Protocol: TCP and UDP
Direction: Incoming
Port type: Port/Range
First Port: 137
Last Port: 139
Local App.: Any
Remote Address Type: Trusted Address Group
Port type: Any
Action PERMIT

= = = = = = = = = = = = = = = =
RULE 3b:

Description: Trusted Outbound NetBIOS TCP UDP
Protocol: TCP and UDP
Direction: Outgoing
Local Port: Any
Local App.: Any
Remote Address Type: Trusted Address Group
Port type: Port/Range
First Port: 137
Last Port: 139
Action PERMIT

2003-08-17, 02:01 AM	#3 (permalink)
babayu 註冊會員榮譽勳章勳章總數1 UID - 10509 在線等級: 註冊日期: 2002-12-12 VIP期限: 2010-06 住址: 天堂文章: 252 精華: 0 現金: 6621 金幣資產: 11621 金幣	謝謝 psac 此次事件肇因於NT系統的漏洞漏洞還未補齊防火牆有其需要我使用的是最難用的 TINY FIREWALL PRO. 因不適合個人為介紹給大家就TINY FIREWALL PRO 使用心得規則與大家分享下列是原則個別需要在另外開PORT RULE 1: Description: Loopback Protocol: TCP and UDP Direction: Both Local Port: Any Local App.: Any Remote Address Type: Single Host address: 127.0.0.1 Port type: Any Action PERMIT = = = = = = = = = = = = = = = = RULE 2: Description: Block Inbound NetBIOS TCP UDP (Notify) Protocol: TCP and UDP Direction: Incoming Port type: Port/Range First Port: 137 Last Port: 139 Local App.: Any Remote Address Type: Any Port type: Any Action DENY = = = = = = = = = = = = = = = = RULE 3: Description: Block Outbound NetBIOS TCP UDP (Notify) Protocol: TCP and UDP Direction: Outgoing Local Port: Any Local App.: Any Remote Address Type: Any Port type: Port/Range First Port: 137 Last Port: 139 Action DENY = = = = = = = = = = = = = = = = RULE 4: Description: ISP Domain Name Server Any App UDP Protocol: UDP Direction: Both Local Port: Any Local App.: Any Remote Address Type: Single Host address: (Your ISP DNS) IP number Port type: Single Port number: 53 Action PERMIT = = = = = = = = = = = = = = = = RULE 5: Description: Other DNS Protocol: TCP and UDP Direction: Both Local Port: Any Local App.: Any Remote Address Type: Any Port type: Single Port number: 53 Action DENY = = = = = = = = = = = = = = = = RULE 6: Description: Out Needed To Ping And TraceRoute Others Protocol: ICMP Direction: Outgoing ICMP Type: Echo Remote Endpoint: Any Action PERMIT = = = = = = = = = = = = = = = = RULE 7: Description: In Needed To Ping And TraceRoute Others Protocol: ICMP Direction: Incoming ICMP Type: Echo Reply, Destination Unreachable, Time Exceeded Remote Endpoint: Any Action PERMIT = = = = = = = = = = = = = = = = RULE 8: Description: In Block Ping and TraceRoute ICMP (Notify) Protocol: ICMP Direction: Incoming ICMP Type: Echo Remote Endpoint: Any Action DENY = = = = = = = = = = = = = = = = RULE 9: Description: Out Block Ping and TraceRoute ICMP (Notify) Protocol: ICMP Direction: Outgoing ICMP Type: Echo Reply, Destination Unreachable, Time Exceeded Remote Endpoint: Any Action DENY = = = = = = = = = = = = = = = = RULE 10: Description: Block ICMP (Logged) Protocol: ICMP Direction: Both ICMP Type: Echo Reply, Destination Unreachable, Source Quench, Redirect, Echo, Time Exceeded, Parameter Prob, Time Stamp, Time StampReply, Info Request, Info Reply, Address, Address Reply, Router Advertisement, Router Solicitation (ALL) Remote Endpoint: Any Action DENY = = = = = = = = = = = = = = = = RULE 11: Description: Block Common Ports (Logged) Protocol: TCP and UDP Direction: Incoming Port type: List of Ports Local App.: Any List of Ports: 113,79,21,80,443,8080,143,110,25,23,22,42,53,98 Remote Address Type: Any Port type: Any Action DENY = = = = = = = = = = = = = = = = RULE 12: Description: Back Orifice Block (Logged) Protocol: TCP and UDP Direction: Incoming Port type: List of Ports Local App.: Any List of Ports: 54320,54321,31337 Remote Address Type: Any Port type: Any Action DENY = = = = = = = = = = = = = = = = RULE 13: Description: Netbus Block (Logged) Protocol: TCP Direction: Incoming Port type: List of Ports Local App.: Any List of Ports: 12456,12345,12346,20034 Remote Address Type: Any Port type: Any Action DENY = = = = = = = = = = = = = = = = RULE 14: Description: Bootpc (Logged) Protocol: TCP and UDP Direction: Incoming Port type: Single port Local App.: Any Port number: 68 Remote Address Type: Any Port type: Any Action DENY = = = = = = = = = = = = = = = = RULE 15: Description: RPCSS (Logged) Protocol: UDP Direction: Incoming Port type: Single port Local App.: Any Port number: 135 Remote Address Type: Any Port type: Any Action DENY = = = = = = = = = = = = = = = = RULE 16: Description: Block Low Trojan Ports TCP UDP (Notify) Protocol: TCP and UDP Direction: Both Port type: Port/range Local App.: Any First port number: 1 Last port number: 79 Remote Address Type: Any Port type: Any Action DENY = = = = = = = = = = = = = = = = RULE 17: Description: Block High Trojan Ports TCP UDP (Notify) Protocol: TCP and UDP Direction: Both Port type: Port/range Local App.: Any First port number: 5000 Last port number: 65535 Remote Address Type: Any Port type: Any Action DENY = = = = = = = = = = = = = = = = RULE 18: Description: Internet Explorer-Web browsing Protocol: TCP Direction: Outgoing Port type: Any Local App.: Only selected below => iexplore.exe Remote Address Type: Any Port type: Any Action PERMIT = = = = = = = = = = = = = = = = RULE 19: Description: Outlook Express Protocol: TCP Direction: Outgoing Port type: Any Local App.: Only selected below => msimn.exe Remote Address Type: Any Port type: List of ports List of ports: 25,110,119,143 Action PERMIT = = = = = = = = = = = = = = = = RULE 20: Description: ICQ Web Access Block Protocol: TCP and UDP Direction: Outgoing Port type: Any Local App.: Only selected below => icq.exe Remote Address Type: Any Port type: Single port List of ports: 80 Action DENY = = = = = = = = = = = = = = = = RULE 21: Description: ICQ Application Protocol: TCP Direction: Outgoing Port type: Any Local App.: Only selected below => icq.exe Remote Address Type: Any Port type: Single port List of ports: 5190 Action PERMIT = = = = = = = = = = = = = = = = RULE 22: Description: Block Outbound Unauthorized Apps TCP UDP (Notify) Protocol: TCP and UDP Direction: Outgoing Port type: Any Local App.: Any Remote Address Type: Any Port type: Any Action DENY = = = = = = = = = = = = = = = = RULE 23: Description: Block Inbound Unknown Apps TCP UDP (Notify) Protocol: TCP and UDP Port type: Any Local App.: Any Remote Address Type: Any Port type: Any Action DENY If you are on a LAN you might need to allow NetBIOS to and from computers on your LAN. You should insert two rules before rule 2 and 3: RULE 2a: Description: Trusted Inbound NetBIOS TCP UDP Protocol: TCP and UDP Direction: Incoming Port type: Port/Range First Port: 137 Last Port: 139 Local App.: Any Remote Address Type: Trusted Address Group Port type: Any Action PERMIT = = = = = = = = = = = = = = = = RULE 3b: Description: Trusted Outbound NetBIOS TCP UDP Protocol: TCP and UDP Direction: Outgoing Local Port: Any Local App.: Any Remote Address Type: Trusted Address Group Port type: Port/Range First Port: 137 Last Port: 139 Action PERMIT

	送花文章: 0, 收花文章: 2 篇, 收花: 2 次