| Secruity on Win9.x Box | ||
FTP |
Improving the security of a windows computer. You
can download various patches to stop nukes and upgrade Winsock by going to www.microsoft.com. You could properly find them
in a lot of other places on the net. One product I want to talk about, is
NukeNabber. This can be configured to monitor 50 ports (TCP/UDP and monitor ICMP) of
your choice. Anyone tries to connect to these ports you get there host name, IP
address and alot more if you configure it right. NukeNabber is very easy to set up and can be found at www.dynamsol.com/puppet. So you have successfully downloaded NukeNabber and
installed it onto your machine. Now you want to add a load more ports to be able to
monitor. I recommend leaving the defaults in and setting monitors up on the
following ports, Setting up on these ports will be enough I reckon. 12345 and 20084 is of course netbus and will detect all attempted connections. 31337 in back orifice (this uses udp) and will log all attempted connections. Port 21 is ftp and will log all attempted connections. Port 23 is telnet and will again log all attempted connections. I don't really see any point in monitoring these ports, as windows doesn't have no telnet deamon running, and if you have ftp setup - you should set it up correctly, but its up to you. Port 31, is a port that is used by many other Trojans. Of course if you want to monitor any other ports you can choose from here. You will need to be using winsock2 to be able to monitor ICMP. If you decide to monitor 21 and 23 YOU WILL NOT be able to use telnet or ftp. Of course if you need to you can just switch monitoring off. To select extra ports, you goto File, Options. You will a dialog box appear with the Advanced tab active. Click on a space where it says unassigned in the current slots box. Type in the number of the port you want to monitor and select protocol. Then click on Add/Modify port and its added. Repeat this as necessary. Click onto the General tab and select the check box Block Port Scanners. If the Enable DDE box is checked, uncheck it (some nasty stuff can happen with this protocol!), then select any of the other boxes to match your preferences. Click the Login tag and select all boxes and select Custom, (expect the use event log - unless you are on nt). Select the Intelligence tab and click all three. Ok, you are now set up, any attacks you receive on any of the ports will be monitored and logged. You will also receive and detailed annaylize and go view this by going to View, Intelligence Reports and then select the report you want to view. File and print sharing. Alot of machine have this active. This will mainly effect you if you are running a windows 95 or 98 box. People will be able to access file shares if you have this enabled. I take it you don't want that happening so go to the network properties (right click Netwrok Neigbourhood, Properties, or click on the Network Applet in Control Panel). You should see a little button that says File and Print sharing. Click it, it will bring you to amother box that says enable file and print sharing, uncheck so no one can get in. Read in windows section on how to get past it if it is enabled and click here to see if you are vulnerable. Thanks to rootshell. |