You may configure Windows Firewall either manually by following this how-to or by running the script ConfigureFirewall.bat

Explicitly block unwanted traffic

Call me paranoid, but the steps in the configure firewall guide are purely passive defense. This section takes a more proactive approach against network attacks by explicitly blocking the ports Windows listens on. Skip the remaining steps if you do not want or need this (not recommended).

First, I am going to create block rules for every service listening on my rig. For that we need a list of the active listening ports on the computer.

To get the list of all LISTENING 1) ports on your PC, run 2) the command:

netstat -an | findstr LISTEN

or run this one-liner to get the same list extended with the owning process and its executable path (preferred way). It shows TCP sockets in the LISTEN state that are not bound to loopback, so both IPv4 and IPv6 listeners appear; UDP endpoints have no listening state and are not covered by it:

powershell -Command "Get-NetTCPConnection -State Listen | Where-Object { $_.LocalAddress -notin '127.0.0.1','::1' } | ForEach-Object { $p = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue; $n = if ($p.Path) { $p.Path } else { $p.Name }; New-Object PSObject -Property @{ Port=$_.LocalPort; Address=$_.LocalAddress; Name=$n; PID=$_.OwningProcess } } | Sort-Object Port | Format-Table Port, Address, PID, Name -AutoSize"

This is a possible output of the above command on a freshly installed Windows machine:

[Screenshot: netstat output (netstat_00)]

Consult this table of well-known TCP/UDP ports if you want to know which service listens on which port. In my particular case I am going to block ports 49664-49675, 3389, 139 and 135.

Here is a list of well-known ports that should be explicitly blocked:

1. Windows RPC 3) - TCP/UDP ports 135 4), 593 5), 49664-49675 6)

2. Windows Deployment Services (WDS) 7) - TCP/UDP port 5040 8)

Please note that by blocking the NetBIOS and SMB ports you will no longer be able to share folders or disks from your computer.

3. NetBIOS 9) Name Service - TCP/UDP port 137 10)

4. NetBIOS Datagram Service - TCP/UDP port 138 11)

5. NetBIOS Session Service - TCP/UDP port 139 12)

6. SMB over TCP (direct hosting, Microsoft-DS) - TCP port 445 13)

7. UPnP Service - TCP port 5000 14)

8. DNSCache Service (mDNS) - TCP/UDP port 5353 15)

9. Windows Update Delivery Optimization - TCP/UDP port 7680 16)

10. Windows Remote Desktop Protocol (RDP) - TCP port 3389 17)

Don't block port 3389 if you plan to access your rig over RDP. If you do, I highly recommend changing its port number and creating an Allow rule for it (see below). Changing the port only hides RDP from casual scans, so also restrict that Allow rule to the remote addresses that actually need access.
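To see which of the ports listed above are actually open on this machine before creating any rules, the following PowerShell script enumerates TCP listeners and bound UDP endpoints that are not loopback-only, resolves the owning process, and tags each one with the port group from the list above. This is an added example, not part of this how-to or its ConfigureFirewall.bat; the group names and the Get-OwnerPath / Get-BlockGroup helpers are my own naming. Run it from an elevated PowerShell on Windows 8 / Server 2012 or later, where Get-NetTCPConnection and Get-NetUDPEndpoint exist (elevation is needed to read the executable path of services running as SYSTEM).

```powershell
# Added example: list TCP and UDP listeners (IPv4 and IPv6) with the owning
# process and flag the ones that appear in the block list of this how-to.
# Requires the NetTCPIP module (Windows 8 / Server 2012 and later); run elevated.

# Ports named in this how-to, grouped the way the rules are created.
# Group names are assumptions, chosen for this example.
$BlockList = @{
    'Windows RPC'           = @(135, 593) + (49664..49675)
    'WDS'                   = @(5040)
    'NetBIOS/SMB'           = @(137, 138, 139, 445)
    'UPnP'                  = @(5000)
    'DNSCache (mDNS)'       = @(5353)
    'Delivery Optimization' = @(7680)
    'RDP'                   = @(3389)
}

function Get-OwnerPath([int]$ProcessId) {
    # Executable path if readable, otherwise just the process name.
    $p = Get-Process -Id $ProcessId -ErrorAction SilentlyContinue
    if ($null -eq $p) { return "pid $ProcessId (exited)" }
    if ($p.Path)      { return $p.Path }
    return $p.ProcessName
}

function Get-BlockGroup([int]$Port) {
    # Name of the block-list group that contains the port, '' if none.
    foreach ($entry in $BlockList.GetEnumerator()) {
        if ($entry.Value -contains $Port) { return $entry.Key }
    }
    return ''
}

# Addresses that are never reachable from the network.
$Loopback = @('127.0.0.1', '::1')

# TCP sockets in the LISTEN state; 0.0.0.0 / :: means "all interfaces".
$tcp = Get-NetTCPConnection -State Listen |
    Where-Object { $_.LocalAddress -notin $Loopback } |
    ForEach-Object {
        [pscustomobject]@{
            Proto = 'TCP'; Port = $_.LocalPort; Addr = $_.LocalAddress
            PID = $_.OwningProcess; Process = Get-OwnerPath $_.OwningProcess
        }
    }

# UDP has no LISTEN state; every bound, non-loopback endpoint counts.
$udp = Get-NetUDPEndpoint |
    Where-Object { $_.LocalAddress -notin $Loopback } |
    ForEach-Object {
        [pscustomobject]@{
            Proto = 'UDP'; Port = $_.LocalPort; Addr = $_.LocalAddress
            PID = $_.OwningProcess; Process = Get-OwnerPath $_.OwningProcess
        }
    }

$listeners = (@($tcp) + @($udp)) |
    Sort-Object Proto, Port, Addr -Unique |
    Select-Object Proto, Port, Addr, PID, Process,
        @{ Name = 'BlockGroup'; Expression = { Get-BlockGroup $_.Port } }

$listeners | Format-Table -AutoSize

# Summary: which groups from the how-to are actually exposed on this machine.
"Exposed port groups:"
$listeners | Where-Object { $_.BlockGroup } |
    Group-Object BlockGroup | Select-Object Name, Count | Format-Table -AutoSize
```

Anything that shows up without a BlockGroup is a listener this how-to does not cover; decide for each one whether it belongs in a block rule of its own or in an Allow rule on the next page.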


Block listening services/ports

27. Open the Firewall Control Panel and switch to the Inbound Rules screen. For each group of the ports listed above, both TCP and UDP, repeat the following steps 28-40:

28. Click New Rule.

[Screenshot: Firewall block port (fw_block_port_00)]

29. Select Port.

30. Click Next.

[Screenshot: Firewall block port (fw_block_port_01)]

31. Select TCP.

32. Select Specific local ports.

33. Enter a comma separated list of related ports. On this screenshot I block all Windows RPC related TCP ports together with port 5040 at once: 135, 593, 5040, 49664-49675. NetBIOS/SMB is another logical group: 137, 138, 139, 445; one rule is enough for them.

Please note that you should repeat these steps for the UDP ports as well: start again from step 28, but at step 31 select UDP instead of TCP.

34. Click Next.

[Screenshot: Firewall block port (fw_block_port_02)]

35. Select Block the connection.

36. Click Next.

[Screenshot: Firewall block port (fw_block_port_03)]

37. Check all firewall profiles: Domain, Private, Public.

38. Click Next.

[Screenshot: Firewall block port (fw_block_port_04)]

39. Enter a name for the rule. It is just the text shown in the rules list of the Firewall Control Panel.

40. Click Finish.

[Screenshot: Firewall block port (fw_block_port_05)]
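The wizard steps above, scripted with New-NetFirewallRule so that the whole set of block rules is created at once. This is an added example, not the page's ConfigureFirewall.bat, and the rule display names are my own choice. It creates one TCP and one UDP rule per port group, applies them to all three profiles as in step 37, skips rules that already exist so it can be re-run, and finishes by listing the rules with their port filters as a check. Run it from an elevated PowerShell.

```powershell
# Added example: create the block rules from this how-to with New-NetFirewallRule
# instead of clicking through the wizard. Run from an elevated PowerShell.
# Rule names below are assumptions; change them to your own naming scheme.

$Groups = @(
    @{ Name = 'Block inbound Windows RPC';           Ports = @('135', '593', '49664-49675') }
    @{ Name = 'Block inbound WDS';                   Ports = @('5040') }
    @{ Name = 'Block inbound NetBIOS/SMB';           Ports = @('137', '138', '139', '445') }
    @{ Name = 'Block inbound UPnP';                  Ports = @('5000') }
    @{ Name = 'Block inbound mDNS';                  Ports = @('5353') }
    @{ Name = 'Block inbound Delivery Optimization'; Ports = @('7680') }
    # Remove the next entry (or create your Allow rule first) if you need RDP.
    @{ Name = 'Block inbound RDP';                   Ports = @('3389') }
)

foreach ($g in $Groups) {
    # Steps 31/32 and the UDP repeat: one rule per protocol.
    foreach ($proto in 'TCP', 'UDP') {
        $name = "$($g.Name) ($proto)"
        # Idempotent: skip rules that already exist so the script can be re-run.
        if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) {
            "exists:  $name"
            continue
        }
        New-NetFirewallRule -DisplayName $name `
            -Direction Inbound -Action Block -Enabled True `
            -Profile Domain, Private, Public `
            -Protocol $proto -LocalPort $g.Ports | Out-Null
        "created: $name"
    }
}

# Check: show every block rule created above with its protocol and ports.
Get-NetFirewallRule -Direction Inbound -Action Block |
    Where-Object DisplayName -like 'Block inbound *' |
    ForEach-Object {
        $pf = $_ | Get-NetFirewallPortFilter
        [pscustomobject]@{
            Rule      = $_.DisplayName
            Enabled   = $_.Enabled
            Profiles  = $_.Profile
            Protocol  = $pf.Protocol
            LocalPort = ($pf.LocalPort -join ',')
        }
    } | Format-Table -AutoSize
```

Inbound block rules take precedence over allow rules in Windows Firewall, so these rules also override the built-in File and Printer Sharing and Remote Desktop allow rules; that is the intended effect for the NetBIOS/SMB group, but it means the RDP entry must be dropped if you rely on RDP. To undo everything the script created, pipe Get-NetFirewallRule -DisplayName 'Block inbound *' into Remove-NetFirewallRule.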


Continue to the next step, how to allow selected inbound connections.


3) Windows RPC general info
4) Port 135
5) Port 593
6) Ports 49664-49675 fingerprinting and port scanning
8) Port 5040
9) NetBIOS general info
10) NetBIOS Name Service port 137
11) NetBIOS Datagram Service port 138
12) NetBIOS Session Service port 139
13) SMB over TCP (Microsoft-DS) port 445
14) UPnP Service port 5000
15) DNSCache Service port 5353
16) Windows Update Delivery Optimization port 7680
17) Remote Desktop Protocol port 3389
