Re: Security discussion regarding hubs, firewalls, anti-virus and Vista Security

"Root Kit" <b__nice@xxxxxxxxxxx> wrote in message
On Thu, 21 Aug 2008 16:26:58 +0700, Kayman
<kaymanDeleteThis@xxxxxxxxxxxxx> wrote:

On Wed, 20 Aug 2008 18:14:23 -0700, Steve Riley [MSFT] wrote:

7a. If on high-speed internet connection use a router as well.
For the average homeuser it is suggested blocking both TCP and UDP
ports 135 ~ 139 and 445 on the router

It really isn't necessary to create specific "block" rules. Nearly every
router does this automatically; they only permit traffic that's in reply to
some previous outbound request.

Thanks for commenting on #7a.
Admittedly, I am not familiar with all types/makes of (small business/home
user) routers available.
Are you saying to drop this comment completely or, since it is possible
that some users may employ routers which will not automatically block the
said ports, is paraphrasing the comment sufficient for the purpose?

I'm guessing now, but you probably meant blocking *outbound* packets
for mentioned ports. Some advocate doing this in order to also
"protect the internet from you", so to speak.

I suppose he could phrase it as blocking (or not port forwarding) these
ports with these protocols. All incoming init packets are dropped
unless you specifically configure it to allow them in (Stateful Packet
Inspection) but subsequent packets won't stop here. I think the
issue was with software listening on these ports, and the easiest way
to mitigate was to block rather than to remove the offending server
daemon and/or unbind protocols that you don't need bound.

Again, it was the default configuration of earlier Windows OSes
at fault. I don't think it is an issue with Vista (at least it shouldn't


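The behaviour the thread describes (a router's stateful packet inspection drops unsolicited inbound connection attempts, admits replies to earlier outbound requests, admits only explicitly port-forwarded services, and can optionally refuse outbound traffic to the NetBIOS/SMB ports so as to "protect the internet from you") as an added toy model, not code from any poster or product. The `StatefulFilter` class, the `192.168.1.` LAN prefix, and the sample packets are all constructed for illustration; the model skips NAT address rewriting and treats the inbound destination as the LAN host after DNAT.

```python
"""Toy model of a consumer router's stateful packet filter (illustration only)."""
from dataclasses import dataclass

# Ports the thread discusses: NetBIOS/RPC (135-139) and SMB (445).
NETBIOS_SMB_PORTS = set(range(135, 140)) | {445}
LAN_PREFIX = "192.168.1."   # assumed private LAN range


@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


class StatefulFilter:
    """Allows outbound, allows replies to tracked outbound flows,
    allows explicitly forwarded inbound ports, drops everything else."""

    def __init__(self, forwards=(), block_egress_netbios=False):
        # forwards: set of (proto, port) the user chose to expose, e.g. {("tcp", 22)}
        self.forwards = set(forwards)
        self.block_egress = block_egress_netbios
        # connection table: (proto, lan_ip, lan_port, remote_ip, remote_port)
        self.state = set()

    @staticmethod
    def _is_lan(ip):
        return ip.startswith(LAN_PREFIX)

    def process(self, pkt):
        outbound = self._is_lan(pkt.src) and not self._is_lan(pkt.dst)
        if outbound:
            # Optional egress rule: stop a compromised LAN host reaching
            # NetBIOS/SMB on the internet (the "protect the internet from you" case).
            if self.block_egress and pkt.dport in NETBIOS_SMB_PORTS:
                return "DROP egress"
            self.state.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "ALLOW"
        # Inbound: permitted only if it is a reply to a tracked outbound flow
        # or the user explicitly forwarded the destination port.
        key = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.state:
            return "ALLOW reply"
        if (pkt.proto, pkt.dport) in self.forwards:
            return "ALLOW forwarded"
        return "DROP unsolicited"


def run_demo(block_egress=False):
    """Feed a constructed packet sequence through the filter; return decisions."""
    fw = StatefulFilter(forwards={("tcp", 22)}, block_egress_netbios=block_egress)
    # Sample addresses are from documentation ranges (constructed, not real hosts).
    packets = [
        Packet("tcp", "192.168.1.10", 50000, "203.0.113.5", 80),     # LAN host opens a web request
        Packet("tcp", "203.0.113.5", 80, "192.168.1.10", 50000),     # server's reply to that request
        Packet("tcp", "198.51.100.7", 40000, "192.168.1.10", 445),   # unsolicited SMB probe from WAN
        Packet("udp", "198.51.100.7", 40002, "192.168.1.10", 137),   # unsolicited NetBIOS name probe
        Packet("tcp", "198.51.100.7", 40001, "192.168.1.10", 22),    # user forwarded tcp/22 on purpose
        Packet("tcp", "192.168.1.10", 50001, "198.51.100.7", 139),   # LAN host talks NetBIOS outbound
    ]
    return [fw.process(p) for p in packets]


if __name__ == "__main__":
    for label, decisions in (("default", run_demo()), ("egress block", run_demo(True))):
        print(label, decisions)
```

The two runs show the point Steve Riley makes: with no extra rules the unsolicited probes to 445 and 137 are already dropped by state tracking alone, so an explicit inbound block rule adds nothing. The only decision that changes between the runs is the outbound NetBIOS packet, which is what an egress block on 135-139/445 actually affects.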