Blocking port 25

Asura

Hi guys,

Was wondering if you guys can give me some advice on how to block outgoing traffic on port 25.

I don't use my ISPs mail servers so there is no need for it to be open especially considering internet at home is currently disabled for a month due a virus that was sending e-mail, which I believe was on port 25.

Any help would be great.

Thanks.

Aurin

Why not clean out the virus? >_> It would be much simpler to even go so far as to reformat the hard-drive rather than block off a port that you might need to use later.

If you really want to block the port though, I'm not quite sure how. Firewalls typically block incoming traffic.

Asura

I still haven't been able to identify the virus even after getting help on whatthetech.com's forums.

I've run all the tests that the tech guys told me to run and even the logs themselves don't really specify what I was infected with. Heck, I still have no idea how I got infected in the first place even after loading up on a lot of software to prevent this exact type of stuff.

I'm probably going to reformat anyways since there isn't much stuff on my home computer in the first place and I thought blocking port 25, since I don't use it, would help in the future.

Eat_Fire

If you need stuff off the computer, putting it on another media will 99% of the time not spread the virus. Most PC users keep their stuff in My Docs or on their desktop, this is precisely where you will not find a virus as they tend to be hidden back in the windows system folders. Most virus's also do not tend to spread via removable media (unless designed for delivery that way, aka not via email).

Asura

Does anybody know or can direct me to a site explaining how to block ports? Come on, guys!

Aurin

Google

Ruckus

Asura, is your computer connected directly to the internet (via Dialup, Directly to Cable modem, or DSL Modem) or do you use a home router (which connects to a Cable Modem or DSL Modem)?

ViolentChemistry

Asura wrote: »

Does anybody know or can direct me to a site explaining how to block ports? Come on, guys!

It depends on what firewall and/or router you're using. And it's in the manual that came with it.

wunderbar

Honestly, don't bother blocking the port. Just format, and start over. There is no need to block a pretty commonly used port on the internet just because you don't think you'll ever use it.

Luq

Add a block rule for a specific protocol and port
Windows Server 2003-based and Windows XP-based computers
To add a block rule for a specific protocol and port on a Windows Server 2003-based or Windows XP-based computer that has an existing locally-assigned static IPSec policy, follow these steps: 1. Install IPSeccmd.exe. IPSeccmd.exe is part of Windows XP SP2 Support Tools.

For more information about downloading and installing Windows XP Service Pack 2 Support Tools, click the following article number to view the article in the Microsoft Knowledge Base:
838079 (http://support.microsoft.com/kb/838079/) Windows XP Service Pack 2 Support Tools
2. Identify the name of the currently assigned IPSec policy. To do this, type the following at a command prompt:
netdiag /test:ipsec
If a policy is assigned, you will receive a message that is similar to the following:
IP Security test . . . . . . . . . : Passed
Local IPSec Policy Active: 'Block UDP 1434 Filter'
3. If there is an IPSec policy already assigned to the computer (local or domain), use the following command to add an additional BLOCK Filter Rule to the existing IPSec policy.

Note In this command, Existing_IPSec_Policy_Name, Protocol, and PortNumber are variables.
IPSeccmd.exe -p "Existing_IPSec_Policy_Name" -w REG -r "Block ProtocolPortNumber Rule" -f *=0:PortNumber:Protocol -n BLOCK
For example, to add a Filter Rule to block inbound access to TCP port 80 to the existing Block UDP 1434 Filter, type the following command:
IPSeccmd.exe -p "Block UDP 1434 Filter" -w REG -r "Block Inbound TCP 80 Rule" -f *=0:80:TCP -n BLOCK

more: http://support.microsoft.com/kb/813878

Asura

Ruckus wrote: »

Asura, is your computer connected directly to the internet (via Dialup, Directly to Cable modem, or DSL Modem) or do you use a home router (which connects to a Cable Modem or DSL Modem)?

Connected directly.

Asura

wunderbar wrote: »

Honestly, don't bother blocking the port. Just format, and start over. There is no need to block a pretty commonly used port on the internet just because you don't think you'll ever use it.

I've been infected 3 times forcing me to format every single time. This isn't just a single incident, which is why I thought about just closing off port 25.

It really annoys me that I still, to this day, have no clue what I was infected with and how I got infected.

Ruckus

What OS are you using and what kind of Antivirus?

Asura

Ruckus wrote: »

What OS are you using and what kind of Antivirus?

My current OS is XP.

As for Antivirus, I've use Bit defender and AVG.

My last set up before getting killed off the internet was:

Bit defender
Spyware S&D
Spyware blaster
Zone Alarm
COMODO

wunderbar

Asura wrote: »

wunderbar wrote: »

Honestly, don't bother blocking the port. Just format, and start over. There is no need to block a pretty commonly used port on the internet just because you don't think you'll ever use it.

I've been infected 3 times forcing me to format every single time. This isn't just a single incident, which is why I thought about just closing off port 25.

It really annoys me that I still, to this day, have no clue what I was infected with and how I got infected.

Buy a router, and stop downloading porn. That'll solve 99% of your problems.

I wouldn't trust a software firewall at all. I haven't had 1 virus in the past 4 years since I got a router. I've had a couple small peices of spyware, but that's it.

Sporked

A simple NAT router between the modem and your computer will probably do wonders for your virus problems. You'll still have to worry about things you find on the internet, but you won't have to worry so much about things on the internet finding you, at least if it's configured correctly. And running an XP computer bare to the internet is like... well, its like open ocean swimming in a sequined swimsuit holding raw meat. It's just a bad idea.

Nibble

Are you sure you're actually infected with something and it's not just some person or program spoofing your email address?

Feral

Nibble wrote: »

Are you sure you're actually infected with something and it's not just some person or program spoofing your email address?

Yeah, Nibble should get a cookie.

But let's back up a sec. Asura, what made you think that your computer got infected with a virus in the first place?

Asura

Feral wrote: »

Nibble wrote: »

Are you sure you're actually infected with something and it's not just some person or program spoofing your email address?

Yeah, Nibble should get a cookie.

But let's back up a sec. Asura, what made you think that your computer got infected with a virus in the first place?

The reason i believe i got infected was my ISP got informed by a big 3rd party that my connection was sending out spam even though i did not set up an email account on my computer.

From what my ISP tells me, the email addresses have different but all originate from my IP.

What else am i suppose to believe when this happens 3 times in a row?