Jerry wrote:
> How realistic is the following: I do a fresh install of
> Win 2K from a CD I bought 3 years ago. I put this fresh
> new naked virgin OS right out on the Internet going
> straight for Microsoft Windows Update. But since I have no
> fixes or patches, is it possible that my computer could be
> hacked/hijacked during this process? In other words how
> safe is my connection to Microsoft.com while I'm trying to
> download and install the Update?
You can get infected very quickly. Windows 2000 doesn't
come with a firewall but it does come with some IPSEC
tools that may help. With them, you can block ports.
It's not stateful so there is still risk with ports like
1025 that you can't block this way but it's better than
nothing. Unfortunately, it's also fairly complicated.
Here is an excerpt from a script we use that you may
find helpful to learn how to use the ipsecpol command
line tool. The tool is available at:
http://www.microsoft.com/windows2000...ipsecpol-o.asp
Like registry editing, doing it wrong can be hard to
recover from.
This was written a while ago. Today, I'd add a line
for tcp port 5000 too.
No guarantees. No support. Not responsible for
accidents.
function EnableFirewall()
{
var shell = new ActiveXObject("WScript.Shell");
// Each rule: -p policy name, -r rule name, -f filter (any source -> this host, port, protocol),
// -n BLOCK drops matching traffic, -x sets the policy active
//Block incoming connections to RPC/DCOM
shell.Run(".\\ipsecpol -w REG -p \"StartSafeFirewall\" -r \"bti135\" -f *=0:135:TCP -n BLOCK -x",0,true);
shell.Run(".\\ipsecpol -w REG -p \"StartSafeFirewall\" -r \"bui135\" -f *=0:135:UDP -n BLOCK -x",0,true);
//Block incoming connections to Netbios
shell.Run(".\\ipsecpol -w REG -p \"StartSafeFirewall\" -r \"bti137\" -f *=0:137:TCP -n BLOCK -x",0,true);
shell.Run(".\\ipsecpol -w REG -p \"StartSafeFirewall\" -r \"bui137\" -f *=0:137:UDP -n BLOCK -x",0,true);
shell.Run(".\\ipsecpol -w REG -p \"StartSafeFirewall\" -r \"bti138\" -f *=0:138:TCP -n BLOCK -x",0,true);
shell.Run(".\\ipsecpol -w REG -p \"StartSafeFirewall\" -r \"bui138\" -f *=0:138:UDP -n BLOCK -x",0,true);
shell.Run(".\\ipsecpol -w REG -p \"StartSafeFirewall\" -r \"bti139\" -f *=0:139:TCP -n BLOCK -x",0,true);
shell.Run(".\\ipsecpol -w REG -p \"StartSafeFirewall\" -r \"bui139\" -f *=0:139:UDP -n BLOCK -x",0,true);
shell.Run(".\\ipsecpol -w REG -p \"StartSafeFirewall\" -r \"bti445\" -f *=0:445:TCP -n BLOCK -x",0,true);
shell.Run(".\\ipsecpol -w REG -p \"StartSafeFirewall\" -r \"bui445\" -f *=0:445:UDP -n BLOCK -x",0,true);
//Block incoming connections to SNMP
shell.Run(".\\ipsecpol -w REG -p \"StartSafeFirewall\" -r \"bti161\" -f *=0:161:TCP -n BLOCK -x",0,true);
shell.Run(".\\ipsecpol -w REG -p \"StartSafeFirewall\" -r \"bui161\" -f *=0:161:UDP -n BLOCK -x",0,true);
//Block incoming connections to IIS Web Server
shell.Run(".\\ipsecpol -w REG -p \"StartSafeFirewall\" -r \"bti80\" -f *=0:80:TCP -n BLOCK -x",0,true);
shell.Run(".\\ipsecpol -w REG -p \"StartSafeFirewall\" -r \"bti443\" -f *=0:443:TCP -n BLOCK -x",0,true);
shell.Run(".\\ipsecpol -w REG -p \"StartSafeFirewall\" -r \"bti563\" -f *=0:563:TCP -n BLOCK -x",0,true);
var targetTable = document.getElementById("tabMainChoices");
targetTable.rows[2].cells[1].innerHTML="<font color=\"blue\">Your computer is now protected from the network. It is safe to connect your network cable. <b>After doing so, please visit the Microsoft Windows Update Site and install all critical updates ASAP.</b></font>";
}
function DisableFirewall()
{
var shell = new ActiveXObject("WScript.Shell");
// Same rule names as above; -o deletes the rule instead of activating it
//Remove the block on incoming connections to RPC/DCOM
shell.Run(".\\ipsecpol -w REG -p \"StartSafeFirewall\" -r \"bti135\" -f *=0:135:TCP -n BLOCK -o",0,true);
shell.Run(".\\ipsecpol -w REG -p \"StartSafeFirewall\" -r \"bui135\" -f *=0:135:UDP -n BLOCK -o",0,true);
//Remove the block on incoming connections to Netbios
shell.Run(".\\ipsecpol -w REG -p \"StartSafeFirewall\" -r \"bti137\" -f *=0:137:TCP -n BLOCK -o",0,true);
shell.Run(".\\ipsecpol -w REG -p \"StartSafeFirewall\" -r \"bui137\" -f *=0:137:UDP -n BLOCK -o",0,true);
shell.Run(".\\ipsecpol -w REG -p \"StartSafeFirewall\" -r \"bti138\" -f *=0:138:TCP -n BLOCK -o",0,true);
shell.Run(".\\ipsecpol -w REG -p \"StartSafeFirewall\" -r \"bui138\" -f *=0:138:UDP -n BLOCK -o",0,true);
shell.Run(".\\ipsecpol -w REG -p \"StartSafeFirewall\" -r \"bti139\" -f *=0:139:TCP -n BLOCK -o",0,true);
shell.Run(".\\ipsecpol -w REG -p \"StartSafeFirewall\" -r \"bui139\" -f *=0:139:UDP -n BLOCK -o",0,true);
shell.Run(".\\ipsecpol -w REG -p \"StartSafeFirewall\" -r \"bti445\" -f *=0:445:TCP -n BLOCK -o",0,true);
shell.Run(".\\ipsecpol -w REG -p \"StartSafeFirewall\" -r \"bui445\" -f *=0:445:UDP -n BLOCK -o",0,true);
//Remove the block on incoming connections to SNMP
shell.Run(".\\ipsecpol -w REG -p \"StartSafeFirewall\" -r \"bti161\" -f *=0:161:TCP -n BLOCK -o",0,true);
shell.Run(".\\ipsecpol -w REG -p \"StartSafeFirewall\" -r \"bui161\" -f *=0:161:UDP -n BLOCK -o",0,true);
//Remove the block on incoming connections to IIS Web Server
shell.Run(".\\ipsecpol -w REG -p \"StartSafeFirewall\" -r \"bti80\" -f *=0:80:TCP -n BLOCK -o",0,true);
shell.Run(".\\ipsecpol -w REG -p \"StartSafeFirewall\" -r \"bti443\" -f *=0:443:TCP -n BLOCK -o",0,true);
shell.Run(".\\ipsecpol -w REG -p \"StartSafeFirewall\" -r \"bti563\" -f *=0:563:TCP -n BLOCK -o",0,true);
var targetTable = document.getElementById("tabMainChoices");
targetTable.rows[2].cells[1].innerHTML="<font color=\"red\"><b>After restarting your computer, it will be exposed to the network. If you have not installed ALL critical updates, your computer will be vulnerable to infection and compromise.</b></font>";
}
--
Gary Flynn
Security Engineer
James Madison University
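A table-driven version of the same ipsecpol command set, added here as an example and not Gary's code: it generates the `-x` (activate) and `-o` (delete) lines from one port list, follows the post's `bti`/`bui` rule-name convention, and includes the TCP 5000 entry the post says it would add today. The port table, `ruleName` and the `runner` callback are assumptions of this example; in the post's script the runner would be `shell.Run(cmd, 0, true)`.

```javascript
// Flags are exactly those used in the post:
//   -w REG          write the policy to the registry
//   -p <policy>     policy name       -r <rule>   rule name
//   -f *=0:P:PROTO  filter: any source address -> this host (0), port P, PROTO
//   -n BLOCK        drop matching traffic
//   -x / -o         set the policy active / delete it
const POLICY = "StartSafeFirewall";

// Port list from the post (labels as the post groups them), plus TCP 5000
// which the author says he would add today. Constructed table, not the post's.
const BLOCKED_PORTS = [
  { port: 135,  protos: ["TCP", "UDP"], what: "RPC/DCOM" },
  { port: 137,  protos: ["TCP", "UDP"], what: "Netbios" },
  { port: 138,  protos: ["TCP", "UDP"], what: "Netbios" },
  { port: 139,  protos: ["TCP", "UDP"], what: "Netbios" },
  { port: 445,  protos: ["TCP", "UDP"], what: "Netbios" },
  { port: 161,  protos: ["TCP", "UDP"], what: "SNMP" },
  { port: 80,   protos: ["TCP"],        what: "IIS Web Server" },
  { port: 443,  protos: ["TCP"],        what: "IIS Web Server" },
  { port: 563,  protos: ["TCP"],        what: "IIS Web Server" },
  { port: 5000, protos: ["TCP"],        what: "TCP 5000 (post's closing note)" },
];

// Post's naming convention: b + t|u (TCP/UDP) + i (inbound) + port -> bti135 / bui135
function ruleName(port, proto) {
  return "b" + (proto === "TCP" ? "t" : "u") + "i" + port;
}

// action is "-x" (activate) or "-o" (delete), as in EnableFirewall/DisableFirewall
function ipsecpolCommand(policy, port, proto, action) {
  return `.\\ipsecpol -w REG -p "${policy}" -r "${ruleName(port, proto)}" ` +
         `-f *=0:${port}:${proto} -n BLOCK ${action}`;
}

// Builds the full command list; rejects a port table that would reuse a rule name,
// so a copy-paste slip is caught here rather than after it reaches the registry.
function firewallCommands(enable, ports = BLOCKED_PORTS, policy = POLICY) {
  const action = enable ? "-x" : "-o";
  const seen = new Set();
  const cmds = [];
  for (const { port, protos } of ports) {
    for (const proto of protos) {
      const name = ruleName(port, proto);
      if (seen.has(name)) throw new Error("duplicate rule name " + name);
      seen.add(name);
      cmds.push(ipsecpolCommand(policy, port, proto, action));
    }
  }
  return cmds;
}

// runner executes one command line (e.g. cmd => shell.Run(cmd, 0, true) in the HTA).
function applyFirewall(enable, runner) {
  const cmds = firewallCommands(enable);
  cmds.forEach(runner);
  return cmds.length;
}
```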