I need to enable the firewall on all the company machines, and there isn't any documentation about the ports in use, so I am planning to use a PowerShell script to log all inbound connections in order to create the required exceptions.
How can I monitor, using PowerShell or C#, all inbound connections made to my machines? I have found that there is a cmdlet that lists all the connections to the machine, but I haven't found a way to select just the inbound connections.
Is there a way to achieve this?
Why are you not just using the FW software for this?
As for …
You've just stated that you can get all connections, those connection lines should show the FW rule triggered and from your FW software, you already know what rules are ingress / egress.
Filter on the inbound rules listed to get your dataset.
Then match that up to your all connections dataset.
But all this sounds like you are trying to create your own IDS using PS. I would say that is an over-engineering effort, since off-the-shelf tools provide this already.
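
One way to collect the inbound set on a machine where no firewall rules exist yet, as an added example that is not part of either post: it uses a listening-port heuristic rather than the rule matching suggested in the answer. The output path, polling interval and sample count are assumptions.

```powershell
# Added example: poll TCP connections and record those that terminate on a
# local listening port. Assumption: an established connection whose LocalPort
# is also in the Listen state was initiated by the remote side (inbound).
$logPath  = Join-Path $env:TEMP 'inbound-connections.csv'  # assumed output path
$interval = 5      # seconds between polls (assumed)
$samples  = 720    # 720 polls x 5 s = 1 hour of sampling (assumed)
$seen     = @{}    # de-duplicates rows across polls

for ($i = 0; $i -lt $samples; $i++) {
    # Ports this machine is accepting TCP connections on right now.
    $listening = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty LocalPort -Unique

    $inbound = Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
        Where-Object {
            $listening -contains $_.LocalPort -and
            $_.RemoteAddress -notin '127.0.0.1', '::1'   # skip loopback traffic
        }

    foreach ($c in $inbound) {
        # One row per (local port, remote address, process) is enough for a rule.
        $key = '{0}|{1}|{2}' -f $c.LocalPort, $c.RemoteAddress, $c.OwningProcess
        if ($seen.ContainsKey($key)) { continue }
        $seen[$key] = $true

        $proc = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            FirstSeen     = (Get-Date).ToString('s')
            LocalPort     = $c.LocalPort
            RemoteAddress = $c.RemoteAddress
            ProcessId     = $c.OwningProcess
            ProcessName   = $proc.ProcessName
        } | Export-Csv -Path $logPath -Append -NoTypeInformation
    }
    Start-Sleep -Seconds $interval
}

# Summary: distinct inbound ports and owning processes seen during sampling.
if (Test-Path $logPath) {
    Import-Csv $logPath | Group-Object LocalPort, ProcessName |
        Select-Object Count, Name | Sort-Object Name
}
```

Polling misses connections shorter than the interval, and UDP has no connection state, so it is not covered here.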