Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
windows:tuning:firewall_configure [2019/02/05 12:38]
wikiadmin 		windows:tuning:firewall_configure [2019/03/26 11:14] (current)
wikiadmin [Configuring Windows Defender Firewall]
Line 4: Line 4:
 <​code>​(11/​29/​2018) More than 45,000 Internet routers have been compromised by a newly discovered campaign that’s designed to open networks to attacks by EternalBlue,​ the potent exploit that was developed by, and then stolen from, the National Security Agency and leaked to the Internet at large, researchers said Wednesday... As a result, almost 2 million computers, phones, and other network devices connected to the routers are reachable to the Internet on those ports. ​ <​code>​(11/​29/​2018) More than 45,000 Internet routers have been compromised by a newly discovered campaign that’s designed to open networks to attacks by EternalBlue,​ the potent exploit that was developed by, and then stolen from, the National Security Agency and leaked to the Internet at large, researchers said Wednesday... As a result, almost 2 million computers, phones, and other network devices connected to the routers are reachable to the Internet on those ports. ​
 </​code>​ </​code>​
 +Also consider reading the following articles on DNS-rebinding technique which among others may be used for stealing money from selected e-Wallets:
 +
 +1. https://​blog.hacker.af/​how-your-ethereum-can-be-stolen-using-dns-rebinding
 +2. https://​medium.com/​@brannondorsey/​attacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325
 +3. https://​github.com/​filetofirewall/​fof
 +4. https://​medium.com/​coinmonks/​the-call-is-coming-from-inside-the-house-dns-rebinding-in-eosio-keosd-wallet-e11deae05974
 +5. https://​github.com/​transmission/​transmission/​pull/​468
 +6. https://​labs.mwrinfosecurity.com/​advisories/​minikube-rce/​
 +7. http://​benmmurphy.github.io/​blog/​2016/​07/​11/​rails-webconsole-dns-rebinding/​
 +8. https://​bugs.chromium.org/​p/​project-zero/​issues/​detail?​id=1471&​desc=3#​maincol
 +9. https://​labs.mwrinfosecurity.com/​blog/​from-http-referer-to-aws-security-credentials/​
  
 <WRAP center round info 80%> <WRAP center round info 80%>
Line 19: Line 30:
  
 ---- ----
 +<WRAP center round info 80%>
 You may configure Windows Firewall either manually by following this how-to or by running the script [[windows:​rigutils:​windows_tuning:​configurefirewall.bat|ConfigureFirewall.bat]] You may configure Windows Firewall either manually by following this how-to or by running the script [[windows:​rigutils:​windows_tuning:​configurefirewall.bat|ConfigureFirewall.bat]]
 +</​WRAP>​
  
 === Blocking inbound connections === === Blocking inbound connections ===
  
-** STEP ~~#STEP~~**. Open firewall control panel+**{{anchor:​step1:​STEP 1. Open firewall control panel}}** 
 <WRAP group> <WRAP group>
 <WRAP half column> <WRAP half column>
Line 40: Line 54:
 </​WRAP>​ </​WRAP>​
 ---- ----
-** STEP ~~#STEP~~**. Verify firewall status+** STEP ~~#STEP2~~**. Verify firewall status
 <WRAP group> <WRAP group>
 <WRAP half column> <WRAP half column>
Line 86: Line 100:
 </​WRAP>​ </​WRAP>​
 </​WRAP>​ </​WRAP>​
 +
 +----
 <WRAP group> <WRAP group>
 <WRAP half column> <WRAP half column>
Line 105: Line 121:
  
 ---- ----
-{{anchor:​step5:​STEP 5. Backup firewall configuration}}+**{{anchor:​step5:​STEP 5. Backup firewall configuration}}**
 <WRAP group> <WRAP group>
 <WRAP half column> <WRAP half column>
Line 119: Line 135:
 </​WRAP>​ </​WRAP>​
  
 +----
 <WRAP group> <WRAP group>
 <WRAP half column> <WRAP half column>
Line 136: Line 153:
 </​WRAP>​ </​WRAP>​
  
 +----
 <WRAP group> <WRAP group>
 <WRAP half column> <WRAP half column>
Line 165: Line 183:
 </​WRAP>​ </​WRAP>​
  
 +----
 <WRAP group> <WRAP group>
 <WRAP half column> <WRAP half column>
Line 182: Line 201:
 </​WRAP>​ </​WRAP>​
  
 +----
 <WRAP group> <WRAP group>
 <WRAP half column> <WRAP half column>
Line 200: Line 220:
 </​WRAP>​ </​WRAP>​
  
 +----
 <WRAP group> <WRAP group>
 <WRAP half column> <WRAP half column>
 Your final list may looks something like this. Your final list may looks something like this.
  
-~~#~~. Note the absence on any icon Allow (green)/​Block (red) in front of rule's name. +~~#~~. Note the absence on any icons Allow(green)/​Block(red) in front of rule's name.
 </​WRAP>​ </​WRAP>​
 <WRAP half column> <WRAP half column>
Line 215: Line 234:
 </​WRAP>​ </​WRAP>​
 ---- ----
- +Well done! Continue ​to the next section ​[[:​windows:​tuning:​firewall_block_ports|Explicitly block unwanted/illegal traffic]]
-=== Getting a list of LISTENING services === +
- +
-To get list of all LISTENING ports on your PC run((See [[:​windows:​software|cmd.exe]])) the command: +
-<code batch>​netstat -an | findstr LISTEN</​code>​ +
- +
-or this small one-liner ​to get the same list extended by process info: +
- +
-<code powershell>​powershell ​-Command "& Get-NetTCPConnection | ? {($_.State -eq '​Listen'​) -and ($_.RemoteAddress -eq '​0.0.0.0'​)} | ForEach { $n=(Get-Process -ErrorAction SilentlyContinue -PID $_.OwningProcess -FileVersionInfo ).FileName; if ( $n -eq $null ) { $n=(Get-Process -ErrorAction SilentlyContinue -PID $_.OwningProcess).Name }; New-Object PSObject -Property @{ Port=$_.LocalPort;​ Name=$n; PID=$_.OwningProcess } }"</​code>​ +
- +
-This a possible output of the above command on freshly installed Windows machine: +
- +
-{{:​windows:​tuning:​netstat_00.png?​400|netstat}} +
- +
-<wrap lo>​{{material>​attachment}}{{:​windows:​tuning:​netstat_00.pdn|netstat_00.pdn}}<​/wrap> +
- +
----- +
- +
Detach Close

This topic does not exist yet

You've followed a link to a topic that doesn't exist yet. If permissions allow, you may create it by clicking on “Create this page”.