Block high-risk ports to prevent ransomware viruses

1. Add firewall rules

   Run the following commands in PowerShell started with "Run as administrator", and make sure the firewall is turned on.

# Message: "[Info] Adding firewall rules"
echo [信息] 添加防火墙规则
# Port 135: RPC endpoint mapper. Each description reads "Block inbound TCP/UDP port N".
New-NetFirewallRule -DisplayName 'block-135-TCP-In' -Description '阻止TCP135端口入站' -Profile 'Domain,Private,Public' -Direction Inbound -Action block -Protocol TCP -LocalPort 135
New-NetFirewallRule -DisplayName 'block-135-UDP-In' -Description '阻止UDP135端口入站' -Profile 'Domain,Private,Public' -Direction Inbound -Action block -Protocol UDP -LocalPort 135

# Port 137: NetBIOS name service
New-NetFirewallRule -DisplayName 'block-137-TCP-In' -Description '阻止TCP137端口入站' -Profile 'Domain,Private,Public' -Direction Inbound -Action block -Protocol TCP -LocalPort 137
New-NetFirewallRule -DisplayName 'block-137-UDP-In' -Description '阻止UDP137端口入站' -Profile 'Domain,Private,Public' -Direction Inbound -Action block -Protocol UDP -LocalPort 137

# Port 138: NetBIOS datagram service
New-NetFirewallRule -DisplayName 'block-138-TCP-In' -Description '阻止TCP138端口入站' -Profile 'Domain,Private,Public' -Direction Inbound -Action block -Protocol TCP -LocalPort 138
New-NetFirewallRule -DisplayName 'block-138-UDP-In' -Description '阻止UDP138端口入站' -Profile 'Domain,Private,Public' -Direction Inbound -Action block -Protocol UDP -LocalPort 138

# Port 139: NetBIOS session service
New-NetFirewallRule -DisplayName 'block-139-TCP-In' -Description '阻止TCP139端口入站' -Profile 'Domain,Private,Public' -Direction Inbound -Action block -Protocol TCP -LocalPort 139
New-NetFirewallRule -DisplayName 'block-139-UDP-In' -Description '阻止UDP139端口入站' -Profile 'Domain,Private,Public' -Direction Inbound -Action block -Protocol UDP -LocalPort 139

# Port 445: SMB
New-NetFirewallRule -DisplayName 'block-445-TCP-In' -Description '阻止TCP445端口入站' -Profile 'Domain,Private,Public' -Direction Inbound -Action block -Protocol TCP -LocalPort 445
New-NetFirewallRule -DisplayName 'block-445-UDP-In' -Description '阻止UDP445端口入站' -Profile 'Domain,Private,Public' -Direction Inbound -Action block -Protocol UDP -LocalPort 445

# Message: "[Info] Operation completed successfully!"
echo [信息]操作成功完成!

2. Stop and disable related services

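# Message: "[Info] Stopping and disabling the [Remote Registry] service"
echo [信息]正在停止并禁用[远程注册表]服务
net stop RemoteRegistry
Set-Service RemoteRegistry -StartupType Disabled

# Message: "[Info] Stopping and disabling the [Server] service"
echo [信息]正在停止并禁用[Server]服务
net stop LanmanServer
Set-Service LanmanServer -StartupType Disabled

# Message: "[Info] Stopping and disabling the [TCP/IP NetBIOS Helper] service"
echo [信息]正在停止并禁用[TCP/IP NetBIOS Helper]服务
net stop lmhosts
Set-Service lmhosts -StartupType Disabled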

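   After executing the above commands, you need to restart the computer. Note that disabling the Server service (LanmanServer) also stops this computer from sharing its own files and printers over SMB.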

3. Set strong account passwords

   You can use a password generator to create high-strength account passwords that resist brute-force cracking.

4. Verify port status

1. Execute the following commands on this machine:

netstat -ano|findstr 135
netstat -ano|findstr 137
netstat -ano|findstr 138
netstat -ano|findstr 139
netstat -ano|findstr 445

2. From another host, check whether the computer's ports are open. This example assumes the computer's IP address is 192.168.1.1:

tcping 192.168.1.1 135
tcping 192.168.1.1 137
tcping 192.168.1.1 138
tcping 192.168.1.1 139
tcping 192.168.1.1 445
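
As an added example (not part of the original post), the following PowerShell script checks steps 1, 2 and 4 in one pass on the hardened machine, using the rule and service names from the commands above. It matches listeners by exact port number instead of the substring match that `findstr 135` performs; the variable names and report layout are choices made for this example.

```powershell
# Added example: verify the hardening from steps 1, 2 and 4. Run as administrator.
$ports    = 135, 137, 138, 139, 445
$services = 'RemoteRegistry', 'LanmanServer', 'lmhosts'

# Step 1: every block rule must exist, be enabled, and block inbound traffic.
$rules = foreach ($port in $ports) {
    foreach ($proto in 'TCP', 'UDP') {
        $name = "block-$port-$proto-In"
        $rule = Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue |
            Select-Object -First 1
        [pscustomobject]@{
            Rule = $name
            OK   = [bool]($rule -and $rule.Enabled -eq 'True' -and
                $rule.Action -eq 'Block' -and $rule.Direction -eq 'Inbound')
        }
    }
}

# The rules only filter traffic on profiles where the firewall itself is on.
$fwProfiles = Get-NetFirewallProfile | Select-Object Name, Enabled

# Step 2: each service should be stopped and have its startup type set to Disabled.
$svc = Get-Service -Name $services -ErrorAction SilentlyContinue |
    Select-Object Name, Status, StartType,
        @{ n = 'OK'; e = { $_.Status -eq 'Stopped' -and $_.StartType -eq 'Disabled' } }

# Step 4: list listeners by exact port number (no substring matches on PIDs or
# longer port numbers). A listener can remain after hardening: the RPC endpoint
# mapper normally keeps TCP 135 open locally, and the firewall rule is what
# blocks remote access to it.
$listeners = @(
    Get-NetTCPConnection -State Listen -LocalPort $ports -ErrorAction SilentlyContinue |
        Select-Object @{ n = 'Proto'; e = { 'TCP' } }, LocalAddress, LocalPort, OwningProcess
    Get-NetUDPEndpoint -LocalPort $ports -ErrorAction SilentlyContinue |
        Select-Object @{ n = 'Proto'; e = { 'UDP' } }, LocalAddress, LocalPort, OwningProcess
)

$rules      | Format-Table -AutoSize
$fwProfiles | Format-Table -AutoSize
$svc        | Format-Table -AutoSize
$listeners  | Sort-Object Proto, LocalPort | Format-Table -AutoSize

$failed = @($rules | Where-Object { -not $_.OK }) + @($svc | Where-Object { -not $_.OK })
if ($failed.Count) {
    Write-Warning "$($failed.Count) check(s) failed; see the tables above."
} else {
    Write-Output 'All firewall rules and service settings are in place.'
}
```

The `tcping` test from another host covers TCP only, so the UDP rules for ports 137 and 138 are confirmed by the rule table this script prints.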

Origin blog.csdn.net/u011046671/article/details/127233275