 Lilla1
join:2002-04-22 Fall City, WA
1 edit | reply to ghost16825 Re: [Kerio 2.x] My Kerio 2.1.5 rules based on BZ's
said by ghost16825 :
I have to say this is one of the better rulesets I have seen. There's not very much to criticise in it. Regardless, now that you seem pretty happy with it, it's important to see where the weakest parts are even if there's nothing you can do to restrict the rule further.
I'm delighted that you like my rule set (work in progress). I give credit to BZ's wonderful rule set. I endeavor to follow the lead of those that understand firewalls, because most of it is Greek to me.
said by ghost16825 :
Some people end their local port range at 4999 instead of 5000 (1024-4999) because of SSDP Discovery Service (Incoming->5000). Do so if it makes you feel any safer.
I used 1024-5000 because that's what BZ uses in his rule set, and because I have disabled UPnP and SSDP. Still, I suppose I could use 1024-4999 as an added safety net.
Below is some discussion that relates to this:
BZ 2003-09-22 00:32:21
Q: I notice on your rule set that you have ports 135, 445 and 500?? for xp services block. Is it 500 or 5000?
BZ: It's 500, and 5000 (UPnP) is easily turned off; it's not even as huge a threat as it was made out to be. However, you could add 5000 to that list, but once you do the task below, it won't be listening anymore. You don't even need those services.
Start -> Run: services.msc
In the properties of these services, stop and disable them: SSDP Discovery Protocol, and Universal Plug n' Pray.
said by ghost16825 :
3. See if you can come up with a list of IP addresses for Spybot.
Good idea. Done.
said by ghost16825 :
I would take off your local port range for explorer(block) and perhaps make it both UDP/TCP both directions, just for the sake of it.
Good idea. Done.
Thanks for all the ideas you gave me; some I am still thinking about.
Lilla