[Dshield] Windows Box Need To Filter Outgoing Port 445

Chris Brenton cbrenton at chrisbrenton.org
Thu Aug 11 09:49:10 GMT 2005


On Thu, 2005-08-11 at 02:17, Nemo Omen wrote:
> Its been a good day for learning new things. I've setup a very small XP 
> honeypot and had it compromised after 30 minutes. I've taken it down at the 
> moment, but I'd like to put it back online with outgoing port 445 filtered, 
> as the honeypot is now scanning on port 445. I am using a dialup connection.
> 
> What is the best Win XP program to filter only outgoing port 445?

If the box has been compromised, I would not trust any firewall running
on the box itself. Who/What ever compromised the system may just disable
the firewall and/or scan other ports as well. Instead, I would consider 
installing another system or piece of hardware in front of the
compromised system and having that do the filtering.

Also, its usually good form to have the firewall in place before
deploying a honeypot. That way none of the outbound scans get out.

HTH,
Chris




More information about the list mailing list