Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
windows:tuning:firewall_block_ports [2019/02/11 10:45] wikiadmin ↷ Links adapted because of a move operation |
windows:tuning:firewall_block_ports [2019/03/26 11:14] (current) wikiadmin |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| + | <WRAP center round info 80%> | ||
| + | You may configure Windows Firewall either manually by following this how-to or by running the script [[windows:rigutils:windows_tuning:configurefirewall.bat|ConfigureFirewall.bat]] | ||
| + | </WRAP> | ||
| + | |||
| === Explicitly block unwanted/illegal traffic === | === Explicitly block unwanted/illegal traffic === | ||
| Line 5: | Line 9: | ||
| So, first of all I'm going to create a //block// rules for all listening services on my rig. For doing this we need a list of active listening ports on our computer. | So, first of all I'm going to create a //block// rules for all listening services on my rig. For doing this we need a list of active listening ports on our computer. | ||
| - | To get list of all //LISTENING//((http://ssfnet.org/Exchange/tcp/tcpTutorialNotes.html)) ports on your PC run((See [[:windows:software|cmd.exe]])) the command: | + | To get list of all //LISTENING//((http://ssfnet.org/Exchange/tcp/tcpTutorialNotes.html)) ports on your PC run((See [[windows:tuning:run_cmd_exe|cmd.exe]])) the command: |
| <code batch>netstat -an | findstr LISTEN</code> | <code batch>netstat -an | findstr LISTEN</code> | ||
| Line 22: | Line 26: | ||
| Here is the a list of well known ports which should be explicitly blocked: | Here is the a list of well known ports which should be explicitly blocked: | ||
| - | ~~#PORT~~. **Windows RPC**((Windows RPC general info [[https://serverfault.com/questions/859817/windows-firewall-rpc-135|Windows RPC]])) - TCP/UDP ports 135((Port [[https://www.speedguide.net/port.php?port=135|135]])), 135((Port [[https://www.speedguide.net/port.php?port=593|593]])), 49664-49675((Ports 49664-49675 [[https://answers.microsoft.com/es-es/windows/forum/windows_other-winapps/widnows-server-mitigar-vulnerabilidad-dcerpc-and/5ab3f7b2-eaf5-4168-a103-3442e323b7a2|finger printing]] and [[https://alamot.github.io/tally_writeup/|port scanning]])) | + | ~~#PORT~~. //Windows RPC//((Windows RPC general info [[https://serverfault.com/questions/859817/windows-firewall-rpc-135|Windows RPC]])) - TCP/UDP ports 135((Port [[https://www.speedguide.net/port.php?port=135|135]])), 593((Port [[https://www.speedguide.net/port.php?port=593|593]])), 49664-49675((Ports 49664-49675 [[https://answers.microsoft.com/es-es/windows/forum/windows_other-winapps/widnows-server-mitigar-vulnerabilidad-dcerpc-and/5ab3f7b2-eaf5-4168-a103-3442e323b7a2|finger printing]] and [[https://alamot.github.io/tally_writeup/|port scanning]])) |
| - | ~~#PORT~~. **Windows Deployment Services (WDS)**(([[https://en.wikipedia.org/wiki/Windows_Deployment_Services|WDS general info]])) - TCP/UDP port 540((Port [[http://techgenix.com/windowsdeploymentservicesandfirewalls/|540]])) | + | ~~#PORT~~. //Windows Deployment Services (WDS)//(([[https://en.wikipedia.org/wiki/Windows_Deployment_Services|WDS general info]])) - TCP/UDP port 5040((Port [[http://techgenix.com/windowsdeploymentservicesandfirewalls/|5040]])) |
| - | ~~#PORT~~. **NetBIOS(([[https://en.wikipedia.org/wiki/NetBIOS|NetBIOS]] general info)) Name Service** - TCP/UDP port 137 ((NetBIOS Name Service port [[https://wiki.wireshark.org/NetBIOS/NBNS|137]])) | + | Please note that by disabling NETBIOS ports you will be not able to share folders or disks from your computer any more. |
| - | ~~#PORT~~. **NetBIOS Datagram Service** - TCP/UDP port 138 ((NetBIOS Datagram Service port [[https://wiki.wireshark.org/NetBIOS/NBDS|138]])) | + | ~~#PORT~~. //NetBIOS(([[https://en.wikipedia.org/wiki/NetBIOS|NetBIOS]] general info)) Name Service// - TCP/UDP port 137 ((NetBIOS Name Service port [[https://wiki.wireshark.org/NetBIOS/NBNS|137]])) |
| - | ~~#PORT~~. **NetBIOS Session Service** - TCP/UDP port 139((NetBIOS Session Service port [[https://wiki.wireshark.org/NetBIOS/NBSS|139]])) | + | ~~#PORT~~. //NetBIOS Datagram Service// - TCP/UDP port 138 ((NetBIOS Datagram Service port [[https://wiki.wireshark.org/NetBIOS/NBDS|138]])) |
| - | ~~#PORT~~. **TCP NetBIOS helper** - TCP port 445((TCP NetBIOS helper port [[https://www.speedguide.net/port.php?port=445|445]])) | + | ~~#PORT~~. //NetBIOS Session Service// - TCP/UDP port 139((NetBIOS Session Service port [[https://wiki.wireshark.org/NetBIOS/NBSS|139]])) |
| - | ~~#PORT~~. **UPnP Service** - TCP port 5000((UPnP Service port [[https://www.speedguide.net/port.php?port=5000|5000]])) | + | ~~#PORT~~. //TCP NetBIOS helper// - TCP port 445((TCP NetBIOS helper port [[https://www.speedguide.net/port.php?port=445|445]])) |
| - | ~~#PORT~~. **DNSCache Service** - TCP/UDP port 5353((DNSCache Service port [[https://www.speedguide.net/port.php?port=5353|5353]])) | + | ~~#PORT~~. //UPnP Service// - TCP port 5000((UPnP Service port [[https://www.speedguide.net/port.php?port=5000|5000]])) |
| - | ~~#PORT~~. **Windows Update Delivery Optimization** - TCP/UDP port 7680((DNSCache Service port [[https://www.speedguide.net/port.php?port=7680|7680]])) | + | ~~#PORT~~. //DNSCache Service// - TCP/UDP port 5353((DNSCache Service port [[https://www.speedguide.net/port.php?port=5353|5353]])) |
| + | |||
| + | ~~#PORT~~. //Windows Update Delivery Optimization// - TCP/UDP port 7680((DNSCache Service port [[https://www.speedguide.net/port.php?port=7680|7680]])) | ||
| + | |||
| + | ~~#PORT~~. //Windows Remote Desktop Protocol RDP// - TCP port 3389((Remote Desktop Protocol port [[https://www.speedguide.net/port.php?port=3389|3389]])) | ||
| - | ~~#PORT~~. **Windows Remote Desktop Protocol RDP** - TCP port 3389((Remote Desktop Protocol port [[https://www.speedguide.net/port.php?port=3389|3389]])) | ||
| <WRAP center round important 80%> | <WRAP center round important 80%> | ||
| Line 46: | Line 53: | ||
| </WRAP> | </WRAP> | ||
| ---- | ---- | ||
| + | == Block listening services/ports == | ||
| - | **STEP ~~#STEP1~~**. Block listening services. | + | <WRAP group> |
| + | <WRAP half column> | ||
| + | ~~#~~. [[:windows:tuning:firewall_configure#step1|Open]] Firewall Control Panel and switch to the ''Inbound Rules'' screen. For the above mentioned ports, both TCP and UDP, you should repeat the following steps 2-14: | ||
| + | ~~#~~. Click the item (//create//) ''New Rule''. | ||
| + | </WRAP> | ||
| + | <WRAP half column> | ||
| + | {{:windows:tuning:fw_block_port_00.png?direct&400|Firewall block port}} | ||
| + | |||
| + | <wrap lo>{{material>attachment}}{{:windows:tuning:fw_block_port_00.pdn|fw_block_port_00.pdn}}</wrap> | ||
| + | </WRAP> | ||
| + | </WRAP> | ||
| + | |||
| + | <WRAP group> | ||
| + | <WRAP half column> | ||
| + | ~~#~~. Click the ''Port'' control. | ||
| + | |||
| + | ~~#~~. Click the ''Next'' button. | ||
| + | |||
| + | </WRAP> | ||
| + | <WRAP half column> | ||
| + | {{:windows:tuning:fw_block_port_01.png?direct&400|Firewall block port}} | ||
| + | |||
| + | <wrap lo>{{material>attachment}}{{:windows:tuning:fw_block_port_01.pdn|fw_block_port_01.pdn}}</wrap> | ||
| + | </WRAP> | ||
| + | </WRAP> | ||
| + | |||
| + | <WRAP group> | ||
| + | <WRAP half column> | ||
| + | ~~#~~. Click the ''TCP'' control. | ||
| + | |||
| + | ~~#~~. Click the ''Specific local ports'' button. | ||
| + | |||
| + | ~~#~~. Enter comma separated list of related ports. On this particular screenshot I block at once all ''Windows RPC'' related **TCP** ports: ''135, 593, 5040, 49664-49675''. Another logical group of ports is ''NetBIOS'': ''137, 138, 139, 445'', you may create just one rule for them. | ||
| + | <WRAP center round important 80%> | ||
| + | Please note that you should repeat this steps for **UDP** ports as well - start from point 2, but at point 5 instead of ''TCP'' select ''UDP'' control. | ||
| + | </WRAP> | ||
| + | |||
| + | ~~#~~. Click the ''Next'' button. | ||
| + | </WRAP> | ||
| + | <WRAP half column> | ||
| + | {{:windows:tuning:fw_block_port_02.png?direct&400|Firewall block port}} | ||
| + | |||
| + | <wrap lo>{{material>attachment}}{{:windows:tuning:fw_block_port_02.pdn|fw_block_port_02.pdn}}</wrap> | ||
| + | </WRAP> | ||
| + | </WRAP> | ||
| + | |||
| + | <WRAP group> | ||
| + | <WRAP half column> | ||
| + | ~~#~~. Click the ''Block the connection'' control. | ||
| + | |||
| + | ~~#~~. Click the ''Next'' button. | ||
| + | |||
| + | </WRAP> | ||
| + | <WRAP half column> | ||
| + | {{:windows:tuning:fw_block_port_03.png?direct&400|Firewall block port}} | ||
| + | |||
| + | <wrap lo>{{material>attachment}}{{:windows:tuning:fw_block_port_03.pdn|fw_block_port_03.pdn}}</wrap> | ||
| + | </WRAP> | ||
| + | </WRAP> | ||
| + | |||
| + | <WRAP group> | ||
| + | <WRAP half column> | ||
| + | ~~#~~. Check all firewall profiles: ''Domain'', ''Private'', ''Public'' | ||
| + | |||
| + | ~~#~~. Click the ''Next'' button. | ||
| + | |||
| + | </WRAP> | ||
| + | <WRAP half column> | ||
| + | {{:windows:tuning:fw_block_port_04.png?direct&400|Firewall block port}} | ||
| + | |||
| + | <wrap lo>{{material>attachment}}{{:windows:tuning:fw_block_port_04.pdn|fw_block_port_04.pdn}}</wrap> | ||
| + | </WRAP> | ||
| + | </WRAP> | ||
| + | |||
| + | |||
| + | <WRAP group> | ||
| + | <WRAP half column> | ||
| + | ~~#~~. Enter a name for the rule. It's just a text which will be displayed in the rules list on the Firewall Control Panel. | ||
| + | |||
| + | ~~#~~. Click the ''Finish'' button. | ||
| + | |||
| + | </WRAP> | ||
| + | <WRAP half column> | ||
| + | {{:windows:tuning:fw_block_port_05.png?direct&400|Firewall block port}} | ||
| + | |||
| + | <wrap lo>{{material>attachment}}{{:windows:tuning:fw_block_port_05.pdn|fw_block_port_05.pdn}}</wrap> | ||
| + | </WRAP> | ||
| + | </WRAP> | ||
| + | |||
| + | ---- | ||
| + | Continue to the next step [[:windows:tuning:firewall_allow_ports|how-to allow]] selected inbound connection. | ||