Solved

How do I block port 25 on local pc in a domain?

Posted on 2013-01-17
6
502 Views
Last Modified: 2013-01-22
A co-worker was surfing the web, and it installed a Trojan that send thousands of emails within a short period of time.  Needless to say, our IP address is blacklisted by:
Connection refused due to abuse. Please see http://mailspike.org/anubis/lookup.html

My question is, what do I need to do, at each computer, to prevent it from sending mass e-mail messages?  Currently Symantec EndPoint Protection is running on all computers, and the co-worker did receive a "warning" from Symantec that a trojan may be running and sending out e-mails on a proxy server.  

By the way, I have submitted a request (at least 8 times) to mailspike to delist my IP address.

Thanks for your help!
0
Comment
Question by:LessonsLearned
6 Comments
 
LVL 2

Accepted Solution

by:
MMTadmin earned 500 total points
ID: 38789918
windows firewall block port 25

or

router block port 25
0
 

Author Comment

by:LessonsLearned
ID: 38789939
Can I use Windows firewall AND Symanec EndPoint Protection at the same time?
0
 
LVL 93

Expert Comment

by:John Hurst
ID: 38790002
Can I use Windows firewall AND Symanec EndPoint Protection at the same time?

No. This is not a good idea and SEP will disable Windows Firewall.

The best place to do this is block port 25 at your firewall. I have done this a my clients (Juniper Netscreen firewall) with no ill affects.

... Thinkpads_User
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 
LVL 5

Expert Comment

by:Coffinated
ID: 38790156
Your best bet is to block port 25 on the firewall as the malware can control infected PC and could unblock port 25.
If you decide to block port 25 on every PC, do so using group policies

Another option would be to invest into application layer firewall


The key benefit of application layer filtering is that it can "understand" certain applications and protocols (such as File Transfer Protocol (FTP), Domain Name System (DNS), or Hypertext Transfer Protocol (HTTP)). This is useful as it is able to detect if an unwanted protocol is attempting to bypass the firewall on an allowed port, or detect if a protocol is being abused in any harmful way. As of 2012, the so-called next-generation firewall (NGFW) is nothing more than the "widen" or "deepen" inspection at application-stack. For example, the existing deep packet inspection functionality of modern firewalls can be extended to include i) Intrusion prevention systems (IPS); ii) User identity integration (by binding user IDs to IP or MAC addresses for "reputation"); and/or iii) Web Application Firewall (WAF).

http://en.wikipedia.org/wiki/Firewall_(computing)#Third_generation:_application_layer
0
 
LVL 1

Expert Comment

by:thpipfh
ID: 38791351
I've faced the same problem.

Please block port 25 on firewall.
0
 
LVL 5

Expert Comment

by:chanderpal singh rathore
ID: 38792131
HI,

Blocking port 25 is mostly preferred so  
You can block your port by following -----

go to start menu >> control panel >> system and security >> windows firewall >> advance setting >>> inbound rule >> select port 25 >> check out properties and disable it

Good luck
0

Featured Post

Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Phishing is at the top of most security top 10 efforts you should be pursuing in 2016 and beyond. If you don't have phishing incorporated into your Security Awareness Program yet, now is the time. Phishers, and the scams they use, are only going to …
Examines three attack vectors, specifically, the different types of malware used in malicious attacks, web application attacks, and finally, network based attacks.  Concludes by examining the means of securing and protecting critical systems and inf…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

837 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question