So after spending a great deal of time trying to figure out why one of my customers servers had stopped responding to ports 135 and 445 (RPC), i found that someone had ran an “ipseccmd” script to run some blocking ports on the machine, for a reason that i don’t understand completely. Why on earth would a hacker want to block ports, if they want to use it to send spam through it ? Makes no sense. In any case, if you ever come across a machine that clearly has a blocked port, but there is no firewall running on that machine, check the ipsec rules. They may not show in the Local Security Policy manager, but they will show in the registry and the Security Event log straight after a reboot.
Routers and CD’s
You know. I’ve seen so many people have trouble with wireless routers. D-Link’s, Linksys’s, Belkins.. you name it. So, heres my public announcement.
When you get a new router, throw away the cd that comes with it. You dont need it. All modern routers have a WEB interface. That means you can get to it using your browser. The cd that comes with it, is just useless. Just plug in your laptop or pc to your router, and go straight to the router address. How do i find my router address? its the default gateway. Look around your PC / Mac for the network ip address you got from the router, and it’ll tell you what the gateway is. then type in http://<gateway ip>
DONE