offline
- Vladimir
- Prijatelj foruma
- Pridružio: 10 Feb 2005
- Poruke: 3549
|
Evo podesavanja Outpost-a,preuzetih sa njihovog foruma i malo mojih:
Options/System/ICMP/Settings
Otcekuj "Destination Unreachable (3)" Out box.
Options/System
"Stealth”-Ne preporucuju se nikakve promene
Options/System/Global Application and System Rules-ipconfig /all
Possible Trojan DNS (UDP): Protocol UDP, Remote Port 53, Deny/Block & Report
Possible Trojan DNS (TCP): Protocol TCP, Outbound, Remote Port 53, Deny/Block & Report
Instrukcije
• Options/System/Global Application and System Rules/Settings/Global rules;
• Otcekuj "Allow Loopback" pravilo.
Instrukcije:
Neiskorisceni Protokoli
• Options/System/Global Application and System Rules/Settings;
• Kilk na "Add";
• Namesti protokol na IP,javlja se "entry tipe” sa nedefeinisanim podesavanjem
• Klik na "Undefined";
• Obelezi sve “State box”pored svakog bloka I klikni OK;
• Podesi na “Block & Report it”,upisi ime protokola.
Neznani Protokoli
• Options/System/Global Application and System Rules/Settings;
• Klik na "Add";
• Namesti protocol na “Unknown”, a zatim podesi na “Block&Report it”
Svchost.exe (Windows XP systems only)
Allow DNS (UDP): Protocol UDP, Remote Port 53, Remote Address <your ISP's DNS servers>, Allow
Allow DNS (TCP): Protocol TCP, Outbound, Remote Port 53, Remote Address <your ISP's DNS servers>, Allow
Possible Trojan DNS (UDP): Protocol UDP, Remote Port 53, Deny/Block & Report
Possible Trojan DNS (TCP): Protocol TCP, Outbound, Remote Port 53, Deny/Block & Report
Block Incoming SSDP: Protocol UDP, Local Port 1900, Deny/Block
Block Outgoing SSDP: Protocol UDP, Remote Port 1900, Deny/Block
Block Incoming UPnP: Protocol TCP, Inbound, Local Port 5000, Deny/Block
Block Outgoing UPnP: Protocol TCP, Outbound, Remote Port 5000, Deny/Block
Block RPC (TCP): Protocol TCP, Inbound, Local Port 135, Deny/Block
Block RPC (UDP): Protocol UDP, Local Port 135, Deny/Block
Allow DHCP Request: Protocol UDP, Remote Address <ISP DHCP Server address>, Remote Port BOOTPS, Local Port BOOTPC, Allow
Allow Help Web Access: Protocol TCP, Outbound, Remote Port 80, 443, Allow
Allow Time Synchronisation: Protocol UDP, Remote Port 123, Remote Address time.windows.com, time.nist.gov, Allow
Block Other TCP Traffic: Protocol TCP, Outbound, Deny/Block
Block Other TCP Traffic: Protocol TCP, Inbound, Deny/Block
Block Other UDP Traffic: Protocol UDP, Deny/Block
Web Browsers
Allow Web Access: Protocol TCP, Outbound, Remote Port 80, Allow
Allow Secure Web Access: Protocol TCP, Outbound, Remote Port 443, Allow
Allow Alternate Web Access: Protocol TCP, Outbound, Remote Port 8000, 8010, 8080, Allow
Allow File Transfers: Protocol TCP, Outbound, Remote Port 21, Allow
OBAVEZNO podesi u log Viewer-u:
file>log celanup settings>delete record older than 1 days,kao i
mozes da stavis recimo log databazu od 30 mb.
Pa ce on brisati one reporte koje ostavi za sobom.
Options/Plug-Ins/Active Content/Settings/Web Pages,ovde ne menjaj Cookies jer su potrebni da bi se neki sajtovi ucitali,ako koristis Mozillu slobodno iskljuci ActiveX a preporucljivo je I kod drugih browsera jer su ActiveX I Java scripte zasluzne za najveci broj trojanaca.Pop-up windows takodje iskljuci kao I VBScript-doduse one se mogu iskljuciti I iz windowsa”Explorer-Tools-Folder Options-Filoe Types-VBScript.
Kako zatvoriti port u Outpoust-u?
1. Otvori glavni prozor Outpoust-a I izaberi View > Layout,pogledaj dali se tu nalazi port koji treba zatvoriti:
2. Izaberi View > Advanced I izaberi Number option u Display port as:
3. Rasiri Open Ports kategoriju da bi u levo panelu video izlistane aplikacije:
4. Prati Local Port kolonu I nadji port koji zelis zatvoriti;
5. Desni klik na liniju porta I odaberi Create Rule da bi odabrao pravilo za aplikaciju koja otvara taj port
6. U Rule description polju klik na Undefined rec do Where the direction is I odaberi Inbound
7. 7.U Select Actions with which the rule will respond polju,izaberi Block it
8. Na kraju imenuj novo pravilo.
Mozilla Firefox DISABLED Allow Loopback u Global Application i System
Mozilla Firefox HTTP connection
Where the protocol is: TCP
and Where the direction is: Outbound
and Where the remote port is: 80-83
Allow It
Mozilla Firefox HTTPS connection
Where the protocol is: TCP
and Where the direction is: Outbound
and Where the remote port is: 443
Allow It
Mozilla Firefox SOCKS connection
Where the protocol is: TCP
and Where the direction is: Outbound
and Where the remote port is: 1080
Allow It
Mozilla Firefox PROXY connection
Where the protocol is: TCP
and Where the direction is: Outbound
and Where the remote port is: 3128, 8080, 8088
Allow It
Mozilla Firefox FTP connection
Where the protocol is: TCP
and Where the direction is: Outbound
and Where the remote port is: 21
Allow It
and Activate Stateful Inspection
Mozilla Thunderbird ________________________________________
Send Mail by Mozilla Thunderbird
Where the protocol is: TCP
and Where the direction is: Outbound
and Where the remote port is: 25
Allow It
Receive Mail by Mozilla Thunderbird
Where the protocol is: TCP
and Where the direction is: Outbound
and Where the remote port is: 110, 995
Allow It
Mozilla Thunderbird IMAP Connection
Where the protocol is: TCP
and Where the direction is: Outbound
and Where the remote port is: 143
Allow It
Read News By Mozilla Thunderbird
Where the protocol is: TCP
and Where the direction is: Outbound
and Where the remote port is: 119
Allow It
Negativne strane: Sistem se izlaze Denial-of-Service napadima
Instrukcije:
• Cekuj "Echo Reply (0)" Out I "Echo Request ( " In polja
• Cekuj "Destination Unreachable (3)" Out I "Time Exceeded for a Datagram (11)" Out polja
Options/System/Global Application and System Rules
Ako imate fiksnu IP adresu (bilo zbog LAN-a ili ako koristite router koji daje dynamic addressonda ovo preskocite. Da bi proverili dali se DHCP koristi, otvorite command prompt I ukucajte ipconfig /all – ako je DHCP aktivan, videcete adresu IP na kraju.
Instrukcije:
• "Allow DNS Resolving" upisati IP adresu kao Remote Hosts.
|
