vs88
29-12-2006, 16:16
Ciao a tutti, sto letteralmente impazzendo... uso felicemente windows2000 pro e il firewall dell'agnitum oupost, ho solo un "piccolo" problema: vorrei definire delle regole per il processo di windows services.exe che chiede continuamente connessioni in uscita ma che è purtroppo anche veicolo di trojan e worms, in internet ho trovato questo (http://outpostfirewall.com/forum/showthread.php?t=9858) ...
Services.exe (Windows 2000 systems only)
Allow DNS (UDP): Protocol UDP, Remote Port 53, Remote Address <your ISP's DNS servers>, Allow
Allow DNS (TCP): Protocol TCP, Outgoing, Remote Port 53, Remote Address <your ISP's DNS servers>, Allow
Possible Trojan DNS (UDP): Protocol UDP, Remote Port 53, Deny/Block & Report
Possible Trojan DNS (TCP): Protocol TCP, Outgoing, Remote Port 53, Deny/Block & Report
* DNS rules - see section D1 for more details. They are only needed here if the DNS Client Service is not disabled, since in this case, services.exe will then do the lookups;
* Since only one TCP rule is needed here, it is set to Allow;
* As with the svchost rules above, the "Possible Trojan" rules report on DNS access to other addresses.
Allow DHCP Request: Protocol UDP, Remote Address <ISP DHCP Server address>, Remote Port BOOTPS, Local Port BOOTPC, Allow
* DHCP rule - see section D2 for more details (note that this is unnecessary if static IP addresses are used - normally only the case on private LANs). It is needed here for the same reason as given above in svchost.exe.
Block Other TCP Traffic: Protocol TCP, Outoing, Deny/Block
Block Other TCP Traffic: Protocol TCP, Incoming, Deny/Block
Block Other UDP Traffic: Protocol UDP, Deny/Block
* list these rules last - they will prevent multiple Rules Wizard popups for undefined services. Any further rules added need to come before these.
Con il problema che nn so bene cosa sostituire a <ISP DHCP Server address>, <your ISP's DNS servers>, confido nel vostro aiuto...
Services.exe (Windows 2000 systems only)
Allow DNS (UDP): Protocol UDP, Remote Port 53, Remote Address <your ISP's DNS servers>, Allow
Allow DNS (TCP): Protocol TCP, Outgoing, Remote Port 53, Remote Address <your ISP's DNS servers>, Allow
Possible Trojan DNS (UDP): Protocol UDP, Remote Port 53, Deny/Block & Report
Possible Trojan DNS (TCP): Protocol TCP, Outgoing, Remote Port 53, Deny/Block & Report
* DNS rules - see section D1 for more details. They are only needed here if the DNS Client Service is not disabled, since in this case, services.exe will then do the lookups;
* Since only one TCP rule is needed here, it is set to Allow;
* As with the svchost rules above, the "Possible Trojan" rules report on DNS access to other addresses.
Allow DHCP Request: Protocol UDP, Remote Address <ISP DHCP Server address>, Remote Port BOOTPS, Local Port BOOTPC, Allow
* DHCP rule - see section D2 for more details (note that this is unnecessary if static IP addresses are used - normally only the case on private LANs). It is needed here for the same reason as given above in svchost.exe.
Block Other TCP Traffic: Protocol TCP, Outoing, Deny/Block
Block Other TCP Traffic: Protocol TCP, Incoming, Deny/Block
Block Other UDP Traffic: Protocol UDP, Deny/Block
* list these rules last - they will prevent multiple Rules Wizard popups for undefined services. Any further rules added need to come before these.
Con il problema che nn so bene cosa sostituire a <ISP DHCP Server address>, <your ISP's DNS servers>, confido nel vostro aiuto...