This article explains how to quickly block high-risk ports on Windows.
The following batch script blocks some common high-risk Windows ports and can be used as a reference:
REM Add the policy and the filter list
netsh ipsec static add policy name=secport
netsh ipsec static add filterlist name=drop-port
REM Add filters to the IP filter list
netsh ipsec static add filter filterlist=drop-port srcaddr=any dstaddr=me description="Any to my access" protocol=tcp mirrored=yes dstport=135
netsh ipsec static add filter filterlist=drop-port srcaddr=any dstaddr=me description="Any to my access" protocol=tcp mirrored=yes dstport=137
netsh ipsec static add filter filterlist=drop-port srcaddr=any dstaddr=me description="Any to my access" protocol=udp mirrored=yes dstport=137
netsh ipsec static add filter filterlist=drop-port srcaddr=any dstaddr=me description="Any to my access" protocol=tcp mirrored=yes dstport=139
netsh ipsec static add filter filterlist=drop-port srcaddr=any dstaddr=me description="Any to my access" protocol=tcp mirrored=yes dstport=445
REM Add the filter action
netsh ipsec static add filteraction name=drop-data action=block
REM Create a rule that links the IPsec policy, the filter list, and the filter action
netsh ipsec static add rule name="Deny rule" policy=secport filterlist=drop-port filteraction=drop-data
REM Activate (assign) the security policy
netsh ipsec static set policy name=secport assign=y
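
To confirm that the policy took effect, and to undo it if a needed service (for example file sharing on TCP 445) stops working, the following batch script is an added example and not part of the original article. It uses the policy, filter list and filter action names from the script above; the file name check-secport.bat is an assumption.

```batch
@echo off
REM Added example, not from the original article.
REM Usage: check-secport.bat            show the policy and local listeners
REM        check-secport.bat rollback   unassign and delete the policy
REM The file name check-secport.bat is an assumption.
setlocal

REM netsh ipsec static needs an elevated prompt; fltmc fails without one.
fltmc >nul 2>&1
if errorlevel 1 (
    echo Run this script from an elevated command prompt.
    exit /b 1
)

if /i "%~1"=="rollback" goto rollback

REM 1. Show the policy with its rule, filter list and filter action.
REM    Check that it is reported as assigned and lists all five filters.
netsh ipsec static show policy name=secport level=verbose

REM 2. List sockets on the filtered ports. Entries can remain after the
REM    policy is assigned: it drops matching packets, it does not stop the
REM    services that own the sockets. The match covers local and remote columns.
for %%P in (135 137 139 445) do (
    echo --- netstat entries for port %%P ---
    netstat -ano | findstr /c:":%%P "
)
exit /b 0

:rollback
REM Unassign first so traffic is restored even if a delete below fails.
netsh ipsec static set policy name=secport assign=n
netsh ipsec static delete policy name=secport
REM The filter list and action can go once no rule references them.
netsh ipsec static delete filterlist name=drop-port
netsh ipsec static delete filteraction name=drop-data
exit /b 0
```

After assigning the policy, a connection attempt to these ports from another host should time out rather than be answered.
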
This article is from the "DDos886" blog; please keep this source link: http://ddos886.blog.51cto.com/13388172/1972793