Solved

How do I block port 25 on local pc in a domain?

Posted on 2013-01-17
6
503 Views
Last Modified: 2013-01-22
A co-worker was surfing the web, and it installed a Trojan that send thousands of emails within a short period of time.  Needless to say, our IP address is blacklisted by:
Connection refused due to abuse. Please see http://mailspike.org/anubis/lookup.html

My question is, what do I need to do, at each computer, to prevent it from sending mass e-mail messages?  Currently Symantec EndPoint Protection is running on all computers, and the co-worker did receive a "warning" from Symantec that a trojan may be running and sending out e-mails on a proxy server.  

By the way, I have submitted a request (at least 8 times) to mailspike to delist my IP address.

Thanks for your help!
0
Comment
Question by:LessonsLearned
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 2

Accepted Solution

by:
MMTadmin earned 500 total points
ID: 38789918
windows firewall block port 25

or

router block port 25
0
 

Author Comment

by:LessonsLearned
ID: 38789939
Can I use Windows firewall AND Symanec EndPoint Protection at the same time?
0
 
LVL 94

Expert Comment

by:John Hurst
ID: 38790002
Can I use Windows firewall AND Symanec EndPoint Protection at the same time?

No. This is not a good idea and SEP will disable Windows Firewall.

The best place to do this is block port 25 at your firewall. I have done this a my clients (Juniper Netscreen firewall) with no ill affects.

... Thinkpads_User
0
Surfing Is Meant To Be Done Outdoors

Featuring its rugged IP67 compliant exterior and delivering broad, fast, and reliable Wi-Fi coverage, the AP322 is the ideal solution for the outdoors. Manage this AP with either a Firebox as a gateway controller, or with the Wi-Fi Cloud for an expanded set of management features

 
LVL 5

Expert Comment

by:Coffinated
ID: 38790156
Your best bet is to block port 25 on the firewall as the malware can control infected PC and could unblock port 25.
If you decide to block port 25 on every PC, do so using group policies

Another option would be to invest into application layer firewall


The key benefit of application layer filtering is that it can "understand" certain applications and protocols (such as File Transfer Protocol (FTP), Domain Name System (DNS), or Hypertext Transfer Protocol (HTTP)). This is useful as it is able to detect if an unwanted protocol is attempting to bypass the firewall on an allowed port, or detect if a protocol is being abused in any harmful way. As of 2012, the so-called next-generation firewall (NGFW) is nothing more than the "widen" or "deepen" inspection at application-stack. For example, the existing deep packet inspection functionality of modern firewalls can be extended to include i) Intrusion prevention systems (IPS); ii) User identity integration (by binding user IDs to IP or MAC addresses for "reputation"); and/or iii) Web Application Firewall (WAF).

http://en.wikipedia.org/wiki/Firewall_(computing)#Third_generation:_application_layer
0
 
LVL 1

Expert Comment

by:thpipfh
ID: 38791351
I've faced the same problem.

Please block port 25 on firewall.
0
 
LVL 5

Expert Comment

by:chanderpal singh rathore
ID: 38792131
HI,

Blocking port 25 is mostly preferred so  
You can block your port by following -----

go to start menu >> control panel >> system and security >> windows firewall >> advance setting >>> inbound rule >> select port 25 >> check out properties and disable it

Good luck
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

A few customers have recently asked my thoughts on Password Managers.  As Security is a big part of our industry I was initially very hesitant and sceptical about giving a program all of my secret passwords.  But as I was getting asked about them mo…
Transferring data across the virtual world became simpler but protecting it is becoming a real security challenge.  How to approach cyber security  in today's business world!
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question