Subj : Re: Pro-active firewall? To : Jas Hud From : Shurato Date : Tue Dec 31 2024 20:51:00 JH> To: T.J. Mcmillen JH> Re: Re: Pro-active firewall? By: T.J. Mcmillen to Jas Hud on Thu Aug JH> 08 2024 04:03 pm JH> > From Newsgroup: micronet.bbs JH> > JH> They used those exploits and put ransomeware on it and did the JH> little JH> > JH> txt f on the desktop where i had to send them money to a bitcoin JH> > JH> address. JH> > JH> With windows firewall up, they wouldn't be able to do that. My JH> other JH> > JH> win7 were fine. JH> > I think the Win7 firewall is up, yeah, the stock one is .... I know I JH> had it JH> > down when I was having issues with net2bbs (which ending up being my JH> router JH> > needing powered off for like 15 mins) .... Weirdest damn thing ... JH> just JH> > would unhook the port for no reason. Crazy electric things! JH> i still miss blackice defender. I just found a version of Snort for Window 32 bit. It works on 7 up I believe. I wrote some short scripts to send IP addresses to its rule list to block and then refresh the rule list at a regular basis. It makes Snort work as an IPS instead of just an IDS. I just have my bbs send the IP address of the offender (anyone using a raw connection) in a snort rule to the list, making sure it's not duplicated, then another script kills and restarts Snort every 30 minutes to reload the list. I'm sure a better solution could have been done, but this works for me. The compile of Snort I found doesn't allow for refreshing the rules without killing the task. I don't know if source is available or not. -- Shurato, Sysop Shurato's Heavenly Sphere (ssh, telnet, pop3, ftp,nntp, ,wss) (Ports 22,23,110,21,119,999) (ssh login 'bbs' password 'shsbbs') *** THE READER V4.50 [freeware] --- * Origin: Shurato's Heavenly Sphere telnet://shsbbs.net (618:300/50) .