Solved

How do I block port 25 on local pc in a domain?

Posted on 2013-01-17
6
495 Views
Last Modified: 2013-01-22
A co-worker was surfing the web, and it installed a Trojan that send thousands of emails within a short period of time.  Needless to say, our IP address is blacklisted by:
Connection refused due to abuse. Please see http://mailspike.org/anubis/lookup.html

My question is, what do I need to do, at each computer, to prevent it from sending mass e-mail messages?  Currently Symantec EndPoint Protection is running on all computers, and the co-worker did receive a "warning" from Symantec that a trojan may be running and sending out e-mails on a proxy server.  

By the way, I have submitted a request (at least 8 times) to mailspike to delist my IP address.

Thanks for your help!
0
Comment
Question by:LessonsLearned
6 Comments
 
LVL 2

Accepted Solution

by:
MMTadmin earned 500 total points
ID: 38789918
windows firewall block port 25

or

router block port 25
0
 

Author Comment

by:LessonsLearned
ID: 38789939
Can I use Windows firewall AND Symanec EndPoint Protection at the same time?
0
 
LVL 92

Expert Comment

by:John Hurst
ID: 38790002
Can I use Windows firewall AND Symanec EndPoint Protection at the same time?

No. This is not a good idea and SEP will disable Windows Firewall.

The best place to do this is block port 25 at your firewall. I have done this a my clients (Juniper Netscreen firewall) with no ill affects.

... Thinkpads_User
0
Scale it in WD Gold

With up to ten times the workload capacity of desktop drives, WD Gold hard drives employ advanced technology to deliver among the best in reliability, capacity, power efficiency and performance.

 
LVL 5

Expert Comment

by:Coffinated
ID: 38790156
Your best bet is to block port 25 on the firewall as the malware can control infected PC and could unblock port 25.
If you decide to block port 25 on every PC, do so using group policies

Another option would be to invest into application layer firewall


The key benefit of application layer filtering is that it can "understand" certain applications and protocols (such as File Transfer Protocol (FTP), Domain Name System (DNS), or Hypertext Transfer Protocol (HTTP)). This is useful as it is able to detect if an unwanted protocol is attempting to bypass the firewall on an allowed port, or detect if a protocol is being abused in any harmful way. As of 2012, the so-called next-generation firewall (NGFW) is nothing more than the "widen" or "deepen" inspection at application-stack. For example, the existing deep packet inspection functionality of modern firewalls can be extended to include i) Intrusion prevention systems (IPS); ii) User identity integration (by binding user IDs to IP or MAC addresses for "reputation"); and/or iii) Web Application Firewall (WAF).

http://en.wikipedia.org/wiki/Firewall_(computing)#Third_generation:_application_layer
0
 
LVL 1

Expert Comment

by:thpipfh
ID: 38791351
I've faced the same problem.

Please block port 25 on firewall.
0
 
LVL 5

Expert Comment

by:chanderpal singh rathore
ID: 38792131
HI,

Blocking port 25 is mostly preferred so  
You can block your port by following -----

go to start menu >> control panel >> system and security >> windows firewall >> advance setting >>> inbound rule >> select port 25 >> check out properties and disable it

Good luck
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Enabling RDP on ASA to access internal servers 4 58
asa failover 3 40
Firewall port opening 2 60
RNC Hacking Question 6 32
There are some basic methods for preventing attacks on, hacking of and unauthorized access to a network -- maybe not completely, but up to a certain level. Start with a well-reputed firewall and unified threat management (UTM) system -- a gateway…
There is a question posted at http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/Q_28324159.html (http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/Q_28324159.html) and i…
In this video I am going to show you how to back up and restore Office 365 mailboxes using CodeTwo Backup for Office 365. Learn more about the tool used in this video here: http://www.codetwo.com/backup-for-office-365/ (http://www.codetwo.com/ba…
With the power of JIRA, there's an unlimited number of ways you can customize it, use it and benefit from it. With that in mind, there's bound to be things that I wasn't able to cover in this course. With this summary we'll look at some places to go…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now