Hello guys, here my second topic to inform you for some mistakes in the firewall basic configuration.
I have done a test to verify my configuration stealth with shields up avaible here : GRC | ShieldsUP! — Internet Vulnerability Profiling
Alert message pop, for System and Svchost. Two choices : If i agree, all incomming request will pass, very bad for the security, if I block, all incoming request will be block, wich can be uncomfortable if you, like me, use the vpn deliver with windows (i’m in windows xp 3 pro).
Granted that we allow the request of svchost incoming and system incoming
I obtein this results with the comon port :
We can see ports 80,443 and 21 are open, its normal, i have a web server. But port 135 (DCOM port wich can be attack), port 445 (SMB port use for sharing files and can be attack), port 139 (net bios port wich use to identify your computer) are opened, that cause an extreme vulnerability.
So I make a solution :
- First, I create a set of port i name “forbiden port”, with the ports quoted above :
- and then, in my Global Rules i created a new one wich block the trafic (exepting my trusted network and ip) getting through my set of port “forbiden port” :
- block tcp or udp in
- source adress : all or excluding LAN
- destination adress : all
- source port : all
- destination port : zone “forbidden port”
- I do again a test with shields up :
Alls done !!!