blocking ports

  • Thread starter Thread starter mike smith
  • Start date Start date
M

mike smith

With the new virus (blaster E) the suggestion is to block
particular ports. How do you do this ?


Mike
 
mike said:
With the new virus (blaster E) the suggestion is to block
particular ports. How do you do this ?


Mike

Use a firewall. To learn about XP's simple software firewall, search
help for "firewall".
 
Mike,

Blaster virus uses these TCP ports:
135, 139, 445, 593 and 4444
and UDP ports 69 (TFTP), 135, 137, and 138

You need to configure your firewall application to block these ports.

The easiest way is to enable Windows XP Internet Connection Firewall which
*Blocks* the ports by default.

To turn on the ICF in Windows XP, follow these steps:
1. Click Start, and then click Control Panel.
2. In Control Panel, double-click Networking and Internet Connections, and
then click Network Connections.
3. Right-click the connection where you want to turn on Internet Connection
Firewall, and then click Properties.
4. Click the Advanced tab, and then click to select the Protect my computer
or network by limiting or preventing access to this computer from the
Internet check box.


More Reading:
Virus Alert About the Blaster Worm and Its Variants
http://support.microsoft.com/?kbid=826955

--
Regards,
Ramesh
(e-mail address removed)


With the new virus (blaster E) the suggestion is to block
particular ports. How do you do this ?


Mike
 
Ramesh said:
With the new virus (blaster E) the suggestion is to block
particular ports. How do you do this ?

With a firewall. "Home user" personal firewalls that run on the
very computer they're protecting are available for free. Typically,
you can block combinations of applications, ports, IP addresses and
protocols by setting up "rules". You could, for example, forbid any
application except for your web browser of choice to use port 80
(used by webservers). Usually you needn't worry much about creating
rules until the firewall notifies you of something or someone
trying to create an outgoing or incoming connection, asking you to
permit or deny it. (That may happen a lot in the beginning, what
with the constant random attacks attempting to exploit known
vulnerabilities.)

Visit http://www.microsoft.com/security/incident/blast.asp -- If
you scroll down to a red box headlined "1. Enable a Firewall",
you'll find a list of links listing third-party firewalls. I use
Tiny's out of habit, but the most popular pick seems to be
ZoneAlarm.

If these don't suit you, at least activate XP's built-in firewall.
(See other posts)

If you're more knowledgeable or more adventurous, you could
additionally set to "manual" (or deactivate for good) certain
services which listen on various ports (such as those exploited by
Blaster) but may not be required for anything you're doing and may
make you more vulnerable. (Use the administrative tools (start menu
-> control panel (-> performance and maintenance) -> administrative
tools -> services), or, saving you all the clicking-around, simply
run "services.msc" directly to list and configure available
services. You can type "netstat -ano" at a command prompt to find
out which ports are (still) in use.)

There are many "tweak guides" for services, such as...

http://www.theeldergeek.com/services_guide.htm
http://www.techspot.com/tweaks/winxp_services/index.shtml
http://www.beemerworld.com/tips/servicesxp.htm

....but I won't pretend I could tell you how accurate they are. And
I certainly can't tell you which services _you_ may need or not
need. It depends on your setup, whether you're in a LAN, and so on.
Needless to say, randomly deactivating too many services isn't a
good idea if you don't really know what you're doing and/or dislike
experimenting. (Not that you can't undo your changes, but you might
not notice something's not working anymore until you don't remember
how exactly you broke it.)

~Ally
 
Huh? Sorry, Ramesh. I was posting a follow-up to the original post,
not yours. I have no idea what went on there.

~Ally
 
Back
Top