Adam and Christina Koch wrote:
If you turn off these services you will no longer be able to add, remove or modify user accounts.
Unless you really need this service, say your admin has it set up to notify users of certain events, you can just turn off the service in Windows and the problem(s) should be alleviated.
Adam
I can't tell what all of them are, but here are the ones that popups come in on: 135, 137, 138, 139, and 445 (I am not sure about 136). Block these ports and I believe you block all the popup messages.
---%<...snip...
Ouch!
Port State Service
123/udp open ntp
135/tcp open loc-srv
135/udp open loc-srv
137/udp open netbios-ns
138/udp open netbios-dgm
139/tcp open netbios-ssn
445/tcp open microsoft-ds
445/udp open microsoft-ds
500/udp open isakmp
1024/tcp open kdm
1025/tcp open NFS-or-IIS
1026/tcp open LSA-or-nterm
1032/udp open iad3
1900/udp open UPnP
5000/tcp open UPnP
That's not too good.
I am not sure, but I think that XP Home also has some half decent firewall capabilities. I would disable access to all of these ports except for machines that need to share files with or remotely administer that machine. If you install a firewall that is compatible with UPnP it can be used to open ports on your firewall for UPnP compatible games and software. I personally disabled UPnP support on my firewall and the service in XP {for when I need to run it}. I also have Norton Internet Security installed, call me paranoid, but I have yet to get a popup on my machine. The only port I have forwarded through my firewall is TCP/22 so that I can ssh into my machine from work; furthermore, I have firewall rules that "drop" packets rather than "reject" packets so there is no feedback that the port is even being listened on.
I firmly believe in layered security. At work each server has multiple layers of security in addition to some border security and intrusion detection system.
The problem I run into is that, being an ISP, many things have to be left open to the public in order for the internet to be able to access some required services.
This is a sample scan from my workstation to one of our servers.
(The 1146 ports scanned but not shown below are in state: closed)
Port State Service
22/tcp open ssh
80/tcp open http
Nmap run completed -- 1 IP address (1 host up) scanned in 1 second
From a machine that is not specifically allowed to see either of these ports, no open ports are seen. Most machines have anti-spoofing rules set up as well as TCPwrapper ACLs in addition to per service configuration Access Control Lists at the application level. All applications are kept up to date and no service that is not required is even installed.
Another trick you can use is to remove utilities and applications that would allow a compromised server to be used to find other servers on your network or sniff traffic. That includes programming languages, compilers and especially (x)inetd. Run server applications stand alone chrooted when possible. Use remote syslogging, so that if someone breaks in they can't cover their tracks by deleting log files.
Securing a single machine can take a while, but is well worth the effort. The harder it is for someone to discover your machine and break into it, the less likely they will try. It is more likely they will look for an easier target.
Finally M$ started to catch on with Win2K Pro/Advanced and included some less retarded firewall infrastructure. Maybe they will allow port ranges to be used soon.
--
Psyche-list mailing list
Psyche-list@redhat.com
https://listman.redhat.com/mailman/listinfo/psyche-list
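The two scans in the message above can be reviewed mechanically. The following is an added example, not part of the original post: it parses the port table format shown there and labels each open port using the popup port list the post gives. The function names, the treatment of 1900 and 5000 by their "UPnP" service label, and the allowed-port policies are assumptions made for illustration.

```python
import re

# Ports the post names as carrying popup messages (136 was uncertain there, so it is omitted).
POPUP_PORTS = {135, 137, 138, 139, 445}
PORT_LINE = re.compile(r"^(\d{1,5})/(tcp|udp)\s+(\S+)\s+(\S+)$")

# Scan text copied from the post (workstation excerpt shortened, server scan in full).
XP_SCAN = """Port State Service
123/udp open ntp
135/tcp open loc-srv
137/udp open netbios-ns
139/tcp open netbios-ssn
445/tcp open microsoft-ds
1900/udp open UPnP
5000/tcp open UPnP
"""
SERVER_SCAN = """(The 1146 ports scanned but not shown below are in state: closed)
Port State Service
22/tcp open ssh
80/tcp open http
Nmap run completed -- 1 IP address (1 host up) scanned in 1 second
"""

def parse_scan(text):
    """Return (port, proto, state, service) tuples; non-port lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m and 0 < int(m.group(1)) <= 65535:
            rows.append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return rows

def review(text, allowed=frozenset()):
    """Map each open 'port/proto' to popup, upnp, allowed or unexpected."""
    findings = {}
    for port, proto, state, service in parse_scan(text):
        if state != "open":
            continue
        key = f"{port}/{proto}"
        if port in POPUP_PORTS:  # flagged even if listed in the allowed policy
            findings[key] = "popup"
        elif service == "UPnP":
            findings[key] = "upnp"
        else:
            findings[key] = "allowed" if key in allowed else "unexpected"
    return findings

if __name__ == "__main__":
    # Assumed policies: nothing exposed on the workstation, ssh and http on the server.
    for name, scan, policy in (("xp", XP_SCAN, set()), ("server", SERVER_SCAN, {"22/tcp", "80/tcp"})):
        print(name, review(scan, frozenset(policy)))
```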