

Block port numbers in Norton Internet Security/Norton Firewall Part I

Go to Part II of this article




Firewall and ports

A properly configured firewall should block all the port numbers not required by Windows or your installed programmes. Many Trojan horses use ports normally reserved by Windows or the internet. If these ports are open for no good reason, you must find out why.

When you do an online scan, it is important to check that the scan engine is detecting your own IP address correctly. If the IP shown is not yours, it could be that of your proxy or your ISP's router. Note that an online scan only probes your firewall's ability to block incoming traffic.

Before you close the port, go offline: disconnect the modem from your computer. Then close all non-essential running processes in Windows Task Manager and note any suspicious ones, or reboot into Safe Mode to prevent them from starting up. Do a Trojan and spyware scan promptly. Run a programme such as HijackThis to look for and remove browser hijack objects and DSOs. Clean up your temporary internet files, cookies and history. If you cannot do a thorough scan promptly, at least close off the ports with your firewall. But closing the ports is not sufficient by itself: you should remove the cause as soon as possible.

You can also close the ports used by the messenger service to block messenger spam in addition to disabling the messenger service in system services; these are: TCP 135, 139, 445 and UDP 135, 137 and 138.
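An added example, not part of the original article: a local check to complement the online scan. It reads Windows `netstat -ano` output and reports which of the ports listed above are open and which process ID owns each one. The sample output is constructed, and the function name `open_watched_ports` is an assumption of this example.

```python
import re

# Ports the article names for the messenger service and NetBIOS/file sharing.
WATCHED = {"TCP": {135, 139, 445}, "UDP": {135, 137, 138}}

# Constructed sample in the layout of Windows `netstat -ano` output
# (addresses and PIDs are made up, not captured from a real machine).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:1029         0.0.0.0:0              LISTENING       1480
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:1042      203.0.113.7:80         ESTABLISHED     2216
  UDP    0.0.0.0:135            *:*                                    912
  UDP    192.168.1.20:137       *:*                                    4
  UDP    192.168.1.20:138       *:*                                    4
  UDP    127.0.0.1:1900         *:*                                    1204
"""

# proto, local address, local port, foreign address, optional state, PID
ROW = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+\s+(?:([A-Z][A-Z_0-9]*)\s+)?(\d+)\s*$")

def open_watched_ports(netstat_text, watched=WATCHED):
    """Return (proto, port, local_addr, pid, loopback_only) per open watched port."""
    findings = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, blank line or unrecognised row
        proto, addr, port, state, pid = m.groups()
        port = int(port)
        if port not in watched.get(proto, ()):
            continue
        # Established or closing TCP connections are not open ports; UDP rows
        # carry no state, so any bound UDP socket counts.
        if proto == "TCP" and state != "LISTENING":
            continue
        loopback_only = addr.startswith("127.") or addr == "[::1]"
        findings.append((proto, port, addr, int(pid), loopback_only))
    return findings

if __name__ == "__main__":
    for proto, port, addr, pid, local in open_watched_ports(SAMPLE_NETSTAT):
        scope = "loopback only" if local else "reachable from the network"
        print(f"{proto} {port} open on {addr} (PID {pid}), {scope}")
```

To check a real machine, pass the saved text of `netstat -ano` to `open_watched_ports` instead of the sample and look up each reported PID in Task Manager.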

You can find information on the ports used by your operating system and Trojans on the internet (e.g. IANA, Webopedia, Trojan ports).



1. Open Norton Personal Firewall or open Norton Internet Security and go to Personal Firewall (Fig.1, steps 1-3).

In the Configure tab's drop-down menu, choose Trojan Horse settings to block Trojan ports, and System-Wide settings to block system ports such as those used by NetBIOS and the messenger service. If you don't share files, block all three NetBIOS settings (UDP 137, 138 and TCP and UDP 137-9) and Windows Files Sharing (TCP and UDP 139). To find out which ports they use, highlight the name, click Modify and look under the Communications tab.

NIS, Internet Access Control, Configure



2. The Trojan horse settings or System Wide settings dialogue box opens. The steps are similar for both.

Make sure all the default processes and all the listed Trojan horse ports are set to BLOCK.

Click Add (Fig. 2).

Trojan horse settings, block all listed ports

Fig. 2


3. The Add Rule dialogue box opens (Fig.3).

Choose Block Internet access, then Next.

Add Rule, Block Internet access

Fig. 3


4. In the next box, choose the option you wish to apply: block connections to other computers, from other computers, or to and from other computers. For Trojans you usually need to block traffic in both directions. Click Next (Fig. 4).

What type of connection do you want to block?

Fig. 4


5. In the next Add Rule box, choose block Any computer (Fig. 5).

Any computer

Fig. 5




Copyright 2003 by Kilian. All my articles including graphics are provided "as is" without warranties of any kind. I hereby disclaim all warranties with regard to the information provided. In no event shall I be liable for any damage of any kind whatsoever resulting from the information. The articles are provided in good faith and after some degree of verification but they may contain technical or typographical errors. Links to other web resources may be changed at any time and are beyond the control of the author. Articles may be added, removed, edited or improved at any time. No support is provided by the author.

This is not an official support page for Norton or other products mentioned. All the products mentioned are trademarks of their companies. Edit the settings at your own risk and back up first.

Last updated 7 Feb 2004