Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

How do I block port 25 on local pc in a domain?

Posted on 2013-01-17
6
Medium Priority
?
522 Views
Last Modified: 2013-01-22
A co-worker was surfing the web, and it installed a Trojan that send thousands of emails within a short period of time.  Needless to say, our IP address is blacklisted by:
Connection refused due to abuse. Please see http://mailspike.org/anubis/lookup.html

My question is, what do I need to do, at each computer, to prevent it from sending mass e-mail messages?  Currently Symantec EndPoint Protection is running on all computers, and the co-worker did receive a "warning" from Symantec that a trojan may be running and sending out e-mails on a proxy server.  

By the way, I have submitted a request (at least 8 times) to mailspike to delist my IP address.

Thanks for your help!
0
Comment
Question by:LessonsLearned
6 Comments
 
LVL 2

Accepted Solution

by:
MMTadmin earned 2000 total points
ID: 38789918
windows firewall block port 25

or

router block port 25
0
 

Author Comment

by:LessonsLearned
ID: 38789939
Can I use Windows firewall AND Symanec EndPoint Protection at the same time?
0
 
LVL 99

Expert Comment

by:John Hurst
ID: 38790002
Can I use Windows firewall AND Symanec EndPoint Protection at the same time?

No. This is not a good idea and SEP will disable Windows Firewall.

The best place to do this is block port 25 at your firewall. I have done this a my clients (Juniper Netscreen firewall) with no ill affects.

... Thinkpads_User
0
WatchGuard Case Study: Museum of Flight

“With limited money and limited staffing, we didn’t have a lot of choices in terms of what we could do to bring efficiency. WatchGuard played a central part in changing that.” To provide strong, secure Wi-Fi access within the museum, Hunter chose to deploy WatchGuard’s AP120 APs.

 
LVL 5

Expert Comment

by:Coffinated
ID: 38790156
Your best bet is to block port 25 on the firewall as the malware can control infected PC and could unblock port 25.
If you decide to block port 25 on every PC, do so using group policies

Another option would be to invest into application layer firewall


The key benefit of application layer filtering is that it can "understand" certain applications and protocols (such as File Transfer Protocol (FTP), Domain Name System (DNS), or Hypertext Transfer Protocol (HTTP)). This is useful as it is able to detect if an unwanted protocol is attempting to bypass the firewall on an allowed port, or detect if a protocol is being abused in any harmful way. As of 2012, the so-called next-generation firewall (NGFW) is nothing more than the "widen" or "deepen" inspection at application-stack. For example, the existing deep packet inspection functionality of modern firewalls can be extended to include i) Intrusion prevention systems (IPS); ii) User identity integration (by binding user IDs to IP or MAC addresses for "reputation"); and/or iii) Web Application Firewall (WAF).

http://en.wikipedia.org/wiki/Firewall_(computing)#Third_generation:_application_layer
0
 
LVL 1

Expert Comment

by:thpipfh
ID: 38791351
I've faced the same problem.

Please block port 25 on firewall.
0
 
LVL 5

Expert Comment

by:chanderpal singh rathore
ID: 38792131
HI,

Blocking port 25 is mostly preferred so  
You can block your port by following -----

go to start menu >> control panel >> system and security >> windows firewall >> advance setting >>> inbound rule >> select port 25 >> check out properties and disable it

Good luck
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this blog we highlight approaches to managed security as a service.  We also look into ConnectWise’s value in aiding MSPs’ security management and indicate why critical alerting is a necessary integration.
Phishing emails are a popular malware delivery vehicle for attack.  While there are many ways for an attacker to increase the chances of success for their phishing emails, one of the most effective methods involves spoofing the message to appear to …
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Suggested Courses

886 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question