@echo on
@rem This was made by ioccatflashdancedotcx
@rem Version 1.1 - 2005-01-08
@rem
@rem ipsecpol is a command found in the W2K Server Resource Kit. Files required to execute are:
@rem   ipsecpol.exe
@rem   ipsecutil.dll
@rem   Text2pol.dll
@rem
@rem ipsecpol command syntax:
@rem   "ipsecpol -x -w reg -p XXX -r YYY -n PASS/BLOCK -f filterlist"
@rem where:
@rem   -x            : specifies that the policy is assigned
@rem   -w reg        : writes the policies to the local registry
@rem   -p XXX        : specifies the name of the policy
@rem   -r YYY        : specifies the name of the rule
@rem   -f filterlist : "SourceAddress/SourceMask:SourcePort=DestAddress/DestMask:DestPort:Protocol"
@rem                   where protocol is one of ICMP,UDP,RAW, or TCP
@rem                   * = anyone, 0 = this IP address
@rem                   replacing the "=" with a "+" mirrors the filter
@rem
@rem win2k and winXP use the same syntax but the programs are named differently.
@rem This is the winxp version of the script.
@rem   Windows 2000 = ipsecpol
@rem   Windows XP = ipseccmd
@rem
@rem To view these rules in a GUI, start "Local Security Policy" from "Administrative Tools".
@rem Can be useful sometimes.

@rem This script only needs to be run ONCE, it's remembered after reboot.

@rem /d also switches the drive if the script is started from another one
cd /d "C:\Program Files\Support Tools"

@rem deactivate firewall rules
ipseccmd -w reg -p "firewall" -y

@rem clear all firewall rules
ipseccmd -w reg -p "firewall" -o

@rem you want it
ipseccmd -x -w reg -p "firewall" -r "localhost" -n PASS -f 127.0.0.1=0:*:tcp 127.0.0.1=0:*:udp

@rem allow only some networks to talk to the worm^H^H^H^Hwindows ports
@rem must be on the SAME LINE (YES IT SUCKS. IT'S WINDOWS, DID YOU EXPECT BEAUTIFUL SYNTAX?)
@rem (because of paranoia, private IP-ranges are used in this example instead of public IP-ranges :))
@rem
ipseccmd -x -w reg -p "firewall" -r "allowed" -n PASS -f 192.168.36.*=0:135:tcp 192.168.36.*=0:139:tcp 192.168.36.*=0:445:tcp 192.168.36.*=0:137:udp 192.168.36.*=0:138:udp 192.168.36.*=0:445:udp 192.168.36.*=0:500:udp

@rem deny the rest of the evil world
@rem must be on the SAME LINE (YES IT SUCKS. IT'S WINDOWS, DID YOU EXPECT BEAUTIFUL SYNTAX?)
ipseccmd -x -w reg -p "firewall" -r "blocked" -n BLOCK -f *=0:135:tcp *=0:139:tcp *=0:445:tcp *=0:137:udp *=0:138:udp *=0:445:udp *=0:500:udp