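Thanks, psac.
This incident was caused by a vulnerability in NT systems, and the vulnerability has not been patched yet, so a firewall is needed. I use the hardest one to use, TINY FIREWALL PRO. Because it is not well suited to individual users, to introduce it to everyone I am sharing my notes and rules from using TINY FIREWALL PRO. The following are the general principles; open additional ports separately for individual needs.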
RULE 1:
Description: Loopback
Protocol: TCP and UDP
Direction: Both
Local Port: Any
Local App.: Any
Remote Address Type: Single
Host address: 127.0.0.1
Port type: Any
Action PERMIT
= = = = = = = = = = = = = = = =
RULE 2:
Description: Block Inbound NetBIOS TCP UDP (Notify)
Protocol: TCP and UDP
Direction: Incoming
Port type: Port/Range
First Port: 137
Last Port: 139
Local App.: Any
Remote Address Type: Any
Port type: Any
Action DENY
= = = = = = = = = = = = = = = =
RULE 3:
Description: Block Outbound NetBIOS TCP UDP (Notify)
Protocol: TCP and UDP
Direction: Outgoing
Local Port: Any
Local App.: Any
Remote Address Type: Any
Port type: Port/Range
First Port: 137
Last Port: 139
Action DENY
= = = = = = = = = = = = = = = =
RULE 4:
Description: ISP Domain Name Server Any App UDP
Protocol: UDP
Direction: Both
Local Port: Any
Local App.: Any
Remote Address Type: Single
Host address: (Your ISP DNS) IP number
Port type: Single
Port number: 53
Action PERMIT
= = = = = = = = = = = = = = = =
RULE 5:
Description: Other DNS
Protocol: TCP and UDP
Direction: Both
Local Port: Any
Local App.: Any
Remote Address Type: Any
Port type: Single
Port number: 53
Action DENY
= = = = = = = = = = = = = = = =
RULE 6:
Description: Out Needed To Ping And TraceRoute Others
Protocol: ICMP
Direction: Outgoing
ICMP Type: Echo
Remote Endpoint: Any
Action PERMIT
= = = = = = = = = = = = = = = =
RULE 7:
Description: In Needed To Ping And TraceRoute Others
Protocol: ICMP
Direction: Incoming
ICMP Type: Echo Reply, Destination Unreachable, Time Exceeded
Remote Endpoint: Any
Action PERMIT
= = = = = = = = = = = = = = = =
RULE 8:
Description: In Block Ping and TraceRoute ICMP (Notify)
Protocol: ICMP
Direction: Incoming
ICMP Type: Echo
Remote Endpoint: Any
Action DENY
= = = = = = = = = = = = = = = =
RULE 9:
Description: Out Block Ping and TraceRoute ICMP (Notify)
Protocol: ICMP
Direction: Outgoing
ICMP Type: Echo Reply, Destination Unreachable, Time Exceeded
Remote Endpoint: Any
Action DENY
= = = = = = = = = = = = = = = =
RULE 10:
Description: Block ICMP (Logged)
Protocol: ICMP
Direction: Both
ICMP Type: Echo Reply, Destination Unreachable, Source Quench, Redirect, Echo, Time Exceeded, Parameter Prob, Time Stamp, Time StampReply, Info Request, Info Reply, Address, Address Reply, Router Advertisement, Router Solicitation (ALL)
Remote Endpoint: Any
Action DENY
= = = = = = = = = = = = = = = =
RULE 11:
Description: Block Common Ports (Logged)
Protocol: TCP and UDP
Direction: Incoming
Port type: List of Ports
Local App.: Any
List of Ports:
113,79,21,80,443,8080,143,110,25,23,22,42,53,98
Remote Address Type: Any
Port type: Any
Action DENY
= = = = = = = = = = = = = = = =
RULE 12:
Description: Back Orifice Block (Logged)
Protocol: TCP and UDP
Direction: Incoming
Port type: List of Ports
Local App.: Any
List of Ports: 54320,54321,31337
Remote Address Type: Any
Port type: Any
Action DENY
= = = = = = = = = = = = = = = =
RULE 13:
Description: Netbus Block (Logged)
Protocol: TCP
Direction: Incoming
Port type: List of Ports
Local App.: Any
List of Ports: 12456,12345,12346,20034
Remote Address Type: Any
Port type: Any
Action DENY
= = = = = = = = = = = = = = = =
RULE 14:
Description: Bootpc (Logged)
Protocol: TCP and UDP
Direction: Incoming
Port type: Single port
Local App.: Any
Port number: 68
Remote Address Type: Any
Port type: Any
Action DENY
= = = = = = = = = = = = = = = =
RULE 15:
Description: RPCSS (Logged)
Protocol: UDP
Direction: Incoming
Port type: Single port
Local App.: Any
Port number: 135
Remote Address Type: Any
Port type: Any
Action DENY
= = = = = = = = = = = = = = = =
RULE 16:
Description: Block Low Trojan Ports TCP UDP (Notify)
Protocol: TCP and UDP
Direction: Both
Port type: Port/range
Local App.: Any
First port number: 1
Last port number: 79
Remote Address Type: Any
Port type: Any
Action DENY
= = = = = = = = = = = = = = = =
RULE 17:
Description: Block High Trojan Ports TCP UDP (Notify)
Protocol: TCP and UDP
Direction: Both
Port type: Port/range
Local App.: Any
First port number: 5000
Last port number: 65535
Remote Address Type: Any
Port type: Any
Action DENY
= = = = = = = = = = = = = = = =
RULE 18:
Description: Internet Explorer-Web browsing
Protocol: TCP
Direction: Outgoing
Port type: Any
Local App.: Only selected below => iexplore.exe
Remote Address Type: Any
Port type: Any
Action PERMIT
= = = = = = = = = = = = = = = =
RULE 19:
Description: Outlook Express
Protocol: TCP
Direction: Outgoing
Port type: Any
Local App.: Only selected below => msimn.exe
Remote Address Type: Any
Port type: List of ports
List of ports: 25,110,119,143
Action PERMIT
= = = = = = = = = = = = = = = =
RULE 20:
Description: ICQ Web Access Block
Protocol: TCP and UDP
Direction: Outgoing
Port type: Any
Local App.: Only selected below => icq.exe
Remote Address Type: Any
Port type: Single port
List of ports: 80
Action DENY
= = = = = = = = = = = = = = = =
RULE 21:
Description: ICQ Application
Protocol: TCP
Direction: Outgoing
Port type: Any
Local App.: Only selected below => icq.exe
Remote Address Type: Any
Port type: Single port
List of ports: 5190
Action PERMIT
= = = = = = = = = = = = = = = =
RULE 22:
Description: Block Outbound Unauthorized Apps TCP UDP (Notify)
Protocol: TCP and UDP
Direction: Outgoing
Port type: Any
Local App.: Any
Remote Address Type: Any
Port type: Any
Action DENY
= = = = = = = = = = = = = = = =
RULE 23:
Description: Block Inbound Unknown Apps TCP UDP (Notify)
Protocol: TCP and UDP
Port type: Any
Local App.: Any
Remote Address Type: Any
Port type: Any
Action DENY
If you are on a LAN you might need to allow NetBIOS to and from computers on
your LAN. You should insert two rules before rule 2 and 3:
RULE 2a:
Description: Trusted Inbound NetBIOS TCP UDP
Protocol: TCP and UDP
Direction: Incoming
Port type: Port/Range
First Port: 137
Last Port: 139
Local App.: Any
Remote Address Type: Trusted Address Group
Port type: Any
Action PERMIT
= = = = = = = = = = = = = = = =
RULE 3b:
Description: Trusted Outbound NetBIOS TCP UDP
Protocol: TCP and UDP
Direction: Outgoing
Local Port: Any
Local App.: Any
Remote Address Type: Trusted Address Group
Port type: Port/Range
First Port: 137
Last Port: 139
Action PERMIT
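
The advice to insert rules 2a and 3b before rules 2 and 3 only matters if the rule list is evaluated top-down with the first match winning. The following is an added example, not part of the original post and not Tiny Firewall code, that models rules 2a, 2, 4, 5 and 23 under that assumption. The trusted subnet, the ISP DNS address, the packet values and the direction of rule 23 are constructed or assumed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = (0, 65535)
TRUSTED = [ip_network("192.168.1.0/24")]  # constructed stand-in for the Trusted Address Group
ISP_DNS = "203.0.113.53"                  # placeholder for "(Your ISP DNS) IP number"

@dataclass
class Rule:
    name: str
    protos: tuple
    direction: str          # "in", "out" or "both"
    remote: str             # "any", "trusted" or a single IP address
    action: str
    local_ports: tuple = ANY
    remote_ports: tuple = ANY

    def matches(self, pkt):
        if self.remote == "any":
            addr_ok = True
        elif self.remote == "trusted":
            addr_ok = any(ip_address(pkt["remote"]) in net for net in TRUSTED)
        else:
            addr_ok = pkt["remote"] == self.remote
        return (pkt["proto"] in self.protos
                and self.direction in ("both", pkt["dir"])
                and addr_ok
                and self.local_ports[0] <= pkt["lport"] <= self.local_ports[1]
                and self.remote_ports[0] <= pkt["rport"] <= self.remote_ports[1])

def evaluate(rules, pkt):
    """Return (action, rule name) of the first matching rule, or None."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.name
    return None

BOTH = ("tcp", "udp")
R2A = Rule("2a", BOTH, "in", "trusted", "PERMIT", local_ports=(137, 139))
R2 = Rule("2", BOTH, "in", "any", "DENY", local_ports=(137, 139))
R4 = Rule("4", ("udp",), "both", ISP_DNS, "PERMIT", remote_ports=(53, 53))
R5 = Rule("5", BOTH, "both", "any", "DENY", remote_ports=(53, 53))
R23 = Rule("23", BOTH, "in", "any", "DENY")  # direction assumed from its description

AS_ADVISED = [R2A, R2, R4, R5, R23]  # 2a inserted before 2
APPENDED = [R2, R4, R5, R23, R2A]    # 2a added at the end instead

lan_pkt = dict(proto="udp", dir="in", remote="192.168.1.20", lport=137, rport=137)
wan_pkt = dict(lan_pkt, remote="198.51.100.7")
dns_isp = dict(proto="udp", dir="out", remote=ISP_DNS, lport=1030, rport=53)
dns_other = dict(dns_isp, remote="198.51.100.53")
```

Evaluating `lan_pkt` against `APPENDED` returns the DENY from rule 2, because the trusted permit is never reached; the same ordering dependency holds between rule 4 and rule 5 for DNS.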