Differences

This shows you the differences between two versions of the page.

--- windows:tuning:firewall_configure [2019/01/31 00:28]
wikiadmin
+++ windows:tuning:firewall_configure [2019/03/26 11:14] (current)
wikiadmin [Configuring Windows Defender Firewall]
@@ Line 4: / Line 4: @@
 <code>(11/29/2018) More than 45,000 Internet routers have been compromised by a newly discovered campaign that’s designed to open networks to attacks by EternalBlue, the potent exploit that was developed by, and then stolen from, the National Security Agency and leaked to the Internet at large, researchers said Wednesday... As a result, almost 2 million computers, phones, and other network devices connected to the routers are reachable to the Internet on those ports.
 </code>
+Also consider reading the following articles on DNS-rebinding technique which among others may be used for stealing money from selected e-Wallets:
+. https://blog.hacker.af/how-your-ethereum-can-be-stolen-using-dns-rebinding
+. https://medium.com/@brannondorsey/attacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325
+. https://github.com/filetofirewall/fof
+. https://medium.com/coinmonks/the-call-is-coming-from-inside-the-house-dns-rebinding-in-eosio-keosd-wallet-e11deae05974
+. https://github.com/transmission/transmission/pull/468
+. https://labs.mwrinfosecurity.com/advisories/minikube-rce/
+. http://benmmurphy.github.io/blog/2016/07/11/rails-webconsole-dns-rebinding/
+. https://bugs.chromium.org/p/project-zero/issues/detail?id=1471&desc=3#maincol
+. https://labs.mwrinfosecurity.com/blog/from-http-referer-to-aws-security-credentials/
 <WRAP center round info 80%>
@@ Line 19: / Line 30: @@
 ----
+<WRAP center round info 80%>
 You may configure Windows Firewall either manually by following this how-to or by running the script [[windows:rigutils:windows_tuning:configurefirewall.bat|ConfigureFirewall.bat]]
+</WRAP>
 === Blocking inbound connections ===
-** STEP ~~#STEP~~**. Open firewall control panel
+**{{anchor:step1:STEP 1. Open firewall control panel}}**
 <WRAP group>
 <WRAP half column>
@@ Line 40: / Line 54: @@
 </WRAP>
 ----
-** STEP ~~#STEP~~**. Verify firewall status
+** STEP ~~#STEP2~~**. Verify firewall status
 <WRAP group>
 <WRAP half column>
@@ Line 67: / Line 81: @@
 </WRAP>
 </WRAP>
 ----
@@ Line 87: / Line 100: @@
 </WRAP>
 </WRAP>
+----
 <WRAP group>
 <WRAP half column>
@@ Line 106: / Line 121: @@
 ----
-**STEP ~~#STEP~~[[#step5|.]]** Backup firewall configuration
+**{{anchor:step5:STEP 5. Backup firewall configuration}}**
 <WRAP group>
 <WRAP half column>
-I recommend to save your current firewall configuration as a file. You'll be able to undo all of your changes if something goes wrong by importing this settings back.
+I recommend to save your current firewall configuration into a file. You'll be able to undo all of your changes if something goes wrong by importing this settings back.
-~~#~~. Click the ''Export Policy...'' items.
+~~#~~. Click the ''Export Policy'' items
 </WRAP>
 <WRAP half column>
@@ Line 120: / Line 135: @@
 </WRAP>
-=== Getting a list of LISTENING services ===
+----
+<WRAP group>
+<WRAP half column>
-To get list of all LISTENING ports on your PC run((See [[:windows:software|cmd.exe]])) the command:
+~~#~~. Select a folder (it's up to you).
-<code batch>netstat -an | findstr LISTEN</code>
-or this small one-liner to get the same list extended by process info:
+~~#~~. Type a name of the exporting file, for example ''firewall_settings''. It'll be saved with the ''wfw'' extension.
-<code powershell>powershell -Command "& Get-NetTCPConnection | ? {($_.State -eq 'Listen') -and ($_.RemoteAddress -eq '0.0.0.0')} | ForEach { $n=(Get-Process -ErrorAction SilentlyContinue -PID $_.OwningProcess -FileVersionInfo ).FileName; if ( $n -eq $null ) { $n=(Get-Process -ErrorAction SilentlyContinue -PID $_.OwningProcess).Name }; New-Object PSObject -Property @{ Port=$_.LocalPort; Name=$n; PID=$_.OwningProcess } }"</code>
+~~#~~. Press the ''Save'' button.
-This a possible output of the above command on freshly installed Windows machine:
+</WRAP>
+<WRAP half column>
+{{:windows:tuning:firewall_06.png?direct&400|Firewall}}
-{{:windows:tuning:netstat_00.png?400|netstat}}
+<wrap lo>{{material>attachment}}{{:windows:tuning:firewall_06.pdn|firewall_06.pdn}}</wrap>
+</WRAP>
+</WRAP>
-<wrap lo>{{material>attachment}}{{:windows:tuning:netstat_00.pdn|netstat_00.pdn}}</wrap>
+----
+<WRAP group>
+<WRAP half column>
+~~#~~. Click the ''OK'' button.
+</WRAP>
+<WRAP half column>
+{{:windows:tuning:firewall_07.png?direct&400|Firewall}}
+<wrap lo>{{material>attachment}}{{:windows:tuning:firewall_07.pdn|firewall_07.pdn}}</wrap>
+</WRAP>
+</WRAP>
 ----
+**STEP ~~#STEP6~~**. Disable existing ''Allow'' rules
+<WRAP group>
+<WRAP half column>
+Let's disable **all** existing firewall rules which allow some inbound connections.
+~~#~~. Click the ''Inbound rules'' item.
+~~#~~. Click the ''Filter by state'' item to show the popup menu.
+~~#~~. Click the ''Filter by Enabled'' item in popup menu.
+</WRAP>
+<WRAP half column>
+{{:windows:tuning:firewall_08.png?direct&400|Firewall}}
+<wrap lo>{{material>attachment}}{{:windows:tuning:firewall_08.pdn|firewall_08.pdn}}</wrap>
+</WRAP>
+</WRAP>
+----
+<WRAP group>
+<WRAP half column>
+Selecting all rules
+~~#~~. Click the header of the ''Action'' column to get sorted list.
+~~#~~. Select the first item in the list by clicking on it.
+~~#~~. Scroll down the list by mouse wheel or using scrollbar.
+</WRAP>
+<WRAP half column>
+{{:windows:tuning:firewall_09.png?direct&400|Firewall}}
+<wrap lo>{{material>attachment}}{{:windows:tuning:firewall_09.pdn|firewall_09.pdn}}</wrap>
+</WRAP>
+</WRAP>
+----
+<WRAP group>
+<WRAP half column>
+~~#~~. Scroll to the last ''Allow'' rule (it's particular name is unimportant, it could be a last item in the list at the very bottom)
+~~#~~. Press the ''Shift'' key on your keyboard and while keeping it in pressed state click the last item with the left mouse button to select all //Allow// items in the list. They all should turn blue (selected).
+~~#~~. Click the ''Disable rule'' item. **Wait** from 1 to 10 seconds.
+~~#~~. Click the ''Clear All Filters'' item
+</WRAP>
+<WRAP half column>
+{{:windows:tuning:firewall_10.png?direct&400|Firewall}}
+<wrap lo>{{material>attachment}}{{:windows:tuning:firewall_10.pdn|firewall_10.pdn}}</wrap>
+</WRAP>
+</WRAP>
+----
+<WRAP group>
+<WRAP half column>
+Your final list may looks something like this.
+~~#~~. Note the absence on any icons Allow(green)/Block(red) in front of rule's name.
+</WRAP>
+<WRAP half column>
+{{:windows:tuning:firewall_11.png?direct&400|Firewall}}
+<wrap lo>{{material>attachment}}{{:windows:tuning:firewall_11.pdn|firewall_11.pdn}}</wrap>
+</WRAP>
+</WRAP>
+----
+Well done! Continue to the next section - [[:windows:tuning:firewall_block_ports|Explicitly block unwanted/illegal traffic]]

Detach Close

You've followed a link to a topic that doesn't exist yet. If permissions allow, you may create it by clicking on “Create this page”.

Differences

This topic does not exist yet