Solved

How do I block port 25 on local pc in a domain?

Posted on 2013-01-17
6
506 Views
Last Modified: 2013-01-22
A co-worker was surfing the web, and it installed a Trojan that send thousands of emails within a short period of time.  Needless to say, our IP address is blacklisted by:
Connection refused due to abuse. Please see http://mailspike.org/anubis/lookup.html

My question is, what do I need to do, at each computer, to prevent it from sending mass e-mail messages?  Currently Symantec EndPoint Protection is running on all computers, and the co-worker did receive a "warning" from Symantec that a trojan may be running and sending out e-mails on a proxy server.  

By the way, I have submitted a request (at least 8 times) to mailspike to delist my IP address.

Thanks for your help!
0
Comment
Question by:LessonsLearned
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 2

Accepted Solution

by:
MMTadmin earned 500 total points
ID: 38789918
windows firewall block port 25

or

router block port 25
0
 

Author Comment

by:LessonsLearned
ID: 38789939
Can I use Windows firewall AND Symanec EndPoint Protection at the same time?
0
 
LVL 95

Expert Comment

by:John Hurst
ID: 38790002
Can I use Windows firewall AND Symanec EndPoint Protection at the same time?

No. This is not a good idea and SEP will disable Windows Firewall.

The best place to do this is block port 25 at your firewall. I have done this a my clients (Juniper Netscreen firewall) with no ill affects.

... Thinkpads_User
0
Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

 
LVL 5

Expert Comment

by:Coffinated
ID: 38790156
Your best bet is to block port 25 on the firewall as the malware can control infected PC and could unblock port 25.
If you decide to block port 25 on every PC, do so using group policies

Another option would be to invest into application layer firewall


The key benefit of application layer filtering is that it can "understand" certain applications and protocols (such as File Transfer Protocol (FTP), Domain Name System (DNS), or Hypertext Transfer Protocol (HTTP)). This is useful as it is able to detect if an unwanted protocol is attempting to bypass the firewall on an allowed port, or detect if a protocol is being abused in any harmful way. As of 2012, the so-called next-generation firewall (NGFW) is nothing more than the "widen" or "deepen" inspection at application-stack. For example, the existing deep packet inspection functionality of modern firewalls can be extended to include i) Intrusion prevention systems (IPS); ii) User identity integration (by binding user IDs to IP or MAC addresses for "reputation"); and/or iii) Web Application Firewall (WAF).

http://en.wikipedia.org/wiki/Firewall_(computing)#Third_generation:_application_layer
0
 
LVL 1

Expert Comment

by:thpipfh
ID: 38791351
I've faced the same problem.

Please block port 25 on firewall.
0
 
LVL 5

Expert Comment

by:chanderpal singh rathore
ID: 38792131
HI,

Blocking port 25 is mostly preferred so  
You can block your port by following -----

go to start menu >> control panel >> system and security >> windows firewall >> advance setting >>> inbound rule >> select port 25 >> check out properties and disable it

Good luck
0

Featured Post

Webinar May 25: Cloud Security Strategies for SMBs

Small and mid-sized businesses are a driving force behind cloud adoption, and it’s no wonder: cloud benefits are BIG.  But for all the convenience that moving to the cloud provides, where does security come into play?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Using in-flight Wi-Fi when you travel? Business travelers beware! In-flight Wi-Fi networks could rip the door right off your digital privacy portal. That’s no joke either, as it might also provide a convenient entrance for bad threat actors.
Phishing is at the top of most security top 10 efforts you should be pursuing in 2016 and beyond. If you don't have phishing incorporated into your Security Awareness Program yet, now is the time. Phishers, and the scams they use, are only going to …
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question