关于windows系列03系统服务器出现蓝屏问题
目前我司发现windows系列03系统服务器存在利用TCP 135/137/138/139/445和UDP135/445注入攻击的情况,导致服务器不断蓝屏(重启)。请各位客户检查windows系列系统本地安全策略是否已存在“关闭危险端口策略”若没有为了您服务器的安全请在服务器上“本地安全策略”添加关闭危险端口的策略。关闭的端口有TCP139、445、593、1025端口,UDP123、137、138、445、1900端口和一些流行病毒的后门端口TCP 2513、2745、3127、6129。5月15号前租用的在用服务器,建议用户自行在服务器上按下列方式添加本地安全策略,防止病毒传播和入侵。如需帮助,也可以联系我们售后处理。
操作方法在管理员模式下运行CMD执行如下命令:
######################################################
netsh ipsec static ^
add policy name=关闭危险端口
netsh ipsec static ^
add filteraction name=阻止端口 action=block
netsh ipsec static ^
add filterlist name=危险端口关闭
netsh ipsec static ^
add filter filterlist=危险端口关闭 srcaddr=any dstaddr=me description=拒绝TCP445端口 dstport=445 protocol=tcp mirrored=yes
netsh ipsec static ^
add filter filterlist=危险端口关闭 srcaddr=any dstaddr=me description=拒绝UDP445端口 dstport=445 protocol=udp mirrored=yes
netsh ipsec static ^
add filter filterlist=危险端口关闭 srcaddr=any dstaddr=me description=拒绝TCP135端口 dstport=135 protocol=tcp mirrored=yes
netsh ipsec static ^
add filter filterlist=危险端口关闭 srcaddr=any dstaddr=me description=拒绝UDP135端口 dstport=135 protocol=udp mirrored=yes
netsh ipsec static ^
add filter filterlist=危险端口关闭 srcaddr=any dstaddr=me description=拒绝TCP139端口 dstport=139 protocol=tcp mirrored=yes
netsh ipsec static ^
add filter filterlist=危险端口关闭 srcaddr=any dstaddr=me description=拒绝TCP593端口 dstport=593 protocol=tcp mirrored=yes
netsh ipsec static ^
add filter filterlist=危险端口关闭 srcaddr=any dstaddr=me description=拒绝TCP1025端口 dstport=1025 protocol=tcp mirrored=yes
netsh ipsec static ^
add filter filterlist=危险端口关闭 srcaddr=any dstaddr=me description=拒绝TCP2531端口 dstport=2531 protocol=tcp mirrored=yes
netsh ipsec static ^
add filter filterlist=危险端口关闭 srcaddr=any dstaddr=me description=拒绝TCP2745端口 dstport=2745 protocol=tcp mirrored=yes
netsh ipsec static ^
add filter filterlist=危险端口关闭 srcaddr=any dstaddr=me description=拒绝TCP3127端口 dstport=3127 protocol=tcp mirrored=yes
netsh ipsec static ^
add filter filterlist=危险端口关闭 srcaddr=any dstaddr=me description=拒绝TCP6129端口 dstport=6129 protocol=tcp mirrored=yes
netsh ipsec static ^
add filter filterlist=危险端口关闭 srcaddr=any dstaddr=me description=拒绝UDP123端口 dstport=123 protocol=udp mirrored=yes
netsh ipsec static ^
add filter filterlist=危险端口关闭 srcaddr=any dstaddr=me description=拒绝UDP137端口 dstport=137 protocol=udp mirrored=yes
netsh ipsec static ^
add filter filterlist=危险端口关闭 srcaddr=any dstaddr=me description=拒绝UDP138端口 dstport=138 protocol=udp mirrored=yes
netsh ipsec static ^
add filter filterlist=危险端口关闭 srcaddr=any dstaddr=me description=拒绝UDP1900端口 dstport=1900 protocol=udp mirrored=yes
netsh ipsec static ^
add rule name=BlockAllAccess policy=关闭危险端口 filterlist=危险端口关闭 filteraction=阻止端口
netsh ipsec static set policy name=关闭危险端口 assign=y
exit
######################################################