Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.

Windows 7: Help on blocking common trojan ports

29 Apr 2011   #1

windows 7 ultimate x64 SP1
Help on blocking common trojan ports

hello thans for reading!

first I can't belive I didn't find answer on my question after googling for about 1 hour, I'm crazy allready and need your professional help

here is my problem:
for this example I've downloaded kaspersky WKS which contains antihacker component which contains numerus of other subcomponents like application rules, packetfilter, routing mode etc.

in the packet filter subcomponent are by default already some connection rules which user may aply.
one particular set of those rules descibe common trojan ports which may be blocked.

OK I've aply them and everything work's just fine but I'm wondering about directions (inbound and outbound),
in this set of rules all are set as BLOCK INBOUND only.

I do understand well what blocing inbound and outbound trojan ports mean,
to make thing more complicated I was not sactisfated with those rules and did gogling for more rules and ports.
now I have more than 200 trojan related blocking rules seted in my firewall and here problem ocurs -->
many of them are false positive and I do not understand what to do about
that, all false positive alerts are only outbound related to remote port 80.
and my question is:
shall I block only inbound directions or both?
if I would block only inbound directions than my comp is not
protected against undetectable trojans which are allready on my
comp wright??
that means protection only against outside scaning or hacker

there is also no way to allow those conections to port 80 only because then firewall woud have so many rules LOL for example 1000 rules may slow down firewall inspection wright??
also there is no way to make brower rule more inportant than packet filter rule
cos packet filter has higher priority.

please do not sugest my any firewall or AV software or any like that, I just wanna know if blocking inbound packets against trojan ports is enough or shall I block both directions that's all!

any help is wellcome!

My System SpecsSystem Spec
29 Apr 2011   #2

Win7 Ultimate 64bit

I see you have Kaspersky WKS...right? Maybe it would better to post in the Kaspersky forums about it since you are using their product. Firewall settings (rules creation) vary by product as per my experience with Online Armor Premium, Outpost Firewall Pro, Privatefirewall, Avast Firewall and CIS. I am not a techy with firewalls but I do have Stealth Mode and block all outgoing ports 445, 443, 137-139, 5500, 5800 and 5900-5903 and 3389 to name a few. Depending on the firewall, I create an application rule concerning those ports or just a global rule. My settings being stealthed will show some "listening" but having "listening" is not necessarily mean that I am seen. There is no need to block those specific incoming ports as all traffic gets blocked by the Stealth settings.

Now that is based on my experience and having not used Kaspersky firewall I can't say much. Maybe some here who are using KIS may lend a hand here. The Kaspersky forum guys can help you clear out your settings because imho 200 related blocking rules is too may mess up the firewall global/application rules or may overlap.

Good luck
My System SpecsSystem Spec
29 Apr 2011   #3

Windows 7 & Windows Vista Ultimate

Hi, sasanet.

This article may help with Port 80: GRC | Port Authority, for Internet Port 80

if I would block only inbound directions than my comp is not
protected against undetectable trojans which are allready on my
comp wright??
Those trojans would have to have entered your computer first. Granted, you could inadvertently download an infected file that has a new variant that has not yet been added to detection and it could "call home" via Port 80. However, I think that is taking paranoia too the extreme.

You are obviously concerned about security; thus, the caution. Surf safely, keep third-party software updated as well as security updates.
My System SpecsSystem Spec

30 Apr 2011   #4

windows 7 ultimate x64 SP1

yes that's no bad idea, I will post same thread on kaspersky forums after some time.

there is no need to use stealth mode unles u're behind router or other kind of endpoint firewall,
but it is allso not a mistake

yes each firewall has it's own rules configuration and my KAVWKS is so complicated however I will not change it for anything cos it's simply the best IMO.

This article may help with Port 80: GRC | Port Authority, for Internet Port 80
yea that's nice site and I've been test it wright away and here are my results:

Help on blocking common trojan ports-capture.png

regardles of that result I'm 99% shure that noone from outside network can hack my network unless that "someone" has incoming connections from my machine and that is what I wanna solve and that's what I'm asking about

so, because there is allmost no way to hack from outside I wanna make same statefull security shema in my firewall and other components for OUTBOUND connections

we all know, that's not so easy to do as with INCOMING one, cos otherwise we'll be unable to comunicate with the world:
there is over 65000 port available and lot of them are candidates for reverse hacking which is so easy to do if remote client has poor firewall.

Granted, you could inadvertently download an infected file that has a new variant that has not yet been added to detection and it could "call home" via Port 80. However, I think that is taking paranoia too the extreme.
yea that's an interesting example and it may be an example only for extreme paranoia hackers, however I belive that there is a lot of such people and they know how to beat such malware actions

so conclusion and/or question is still the same.
do we have to block outbount and inbount trojan port connections OR is it enough to block incoming only, and how to do that properly to be safe.


My System SpecsSystem Spec

 Help on blocking common trojan ports

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Similar help and support threads
Thread Forum
Trojan called 'Trojan.Generic.2582177' on my system
Hi, I have Window7 Ultimate 64 bit on my system. I use Bitfender as my antivirus software. This morning it informed me that it has found a file infected with a virus called 'Trojan.Generic.2582177' which it cannot clean. I've contacted Bitfender to see if they know what I should do but haven't...
System Security
Front USB ports not working, but rear USB ports work…
This is a brand new custom built PC for web browsing for a motel lobby. Win7 Home Premium AMD A4-3300 Llano MSI A55M-P33 FM1 Rosewill FBM-02 MicroATX Mini Tower Running latest BIOS and latest drivers downloaded directly from manufacturer's website. I tried switching between all 3...
Hardware & Devices
USB 3.0 ports refuse to work as USB 3.0 ports
A few days ago I installed a USB 3.0 card (to be precise, this one: 2-Port USB 3.0 SuperSpeed PCI-E Controller Card - Free Shipping - DealExtreme). It uses the very common NEC µPD720200 USB 3.0 controller. I installed the required drivers for Windows 7, and the card worked fine for the first...
Hardware & Devices
Common Virtual Ports
Hi Friends, This article is about most common term in Networking World i.e., PORT/s. Most of us are aware of this term & need no introduction but i'll put few lines. This article will define the Port & its purpose its a long list, there are 65535 ports in a computer, so, i'll be discussing...
Network & Sharing
Trojan:Win32/FakeSpypro & Trojan:JS/FakeSpypro
A little help,please.Got this trojan earlier.It disabled MSE,MBAM,Internet,CCleaner,and pretty much anything .exe.Claimed everything was says whatever fake AV program that came with it.(I wish I could figure out how to use the indention tool here)I had to restart,open task manager...
System Security
blocking some ports
Hello all, Im using windows 7 RTM x86 I want to close some opened ports.These ports are 135 and 445. So, I try to close/block these ports using Windows Firewall. ( with advanced settings ) I created inbound rule for closing port 135(TCP) (as you can see attached screenshot ) Also I...
System Security

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 23:06.

Twitter Facebook Google+

Windows 7 Forums

Seven Forums Android App Seven Forums IOS App