New
#1
Help on blocking common trojan ports
hello thans for reading!
first I can't belive I didn't find answer on my question after googling for about 1 hour, I'm crazy allready and need your professional help
here is my problem:
for this example I've downloaded kaspersky WKS which contains antihacker component which contains numerus of other subcomponents like application rules, packetfilter, routing mode etc.
in the packet filter subcomponent are by default already some connection rules which user may aply.
one particular set of those rules descibe common trojan ports which may be blocked.
OK I've aply them and everything work's just fine but I'm wondering about directions (inbound and outbound),
in this set of rules all are set as BLOCK INBOUND only.
I do understand well what blocing inbound and outbound trojan ports mean,
to make thing more complicated I was not sactisfated with those rules and did gogling for more rules and ports.
now I have more than 200 trojan related blocking rules seted in my firewall and here problem ocurs -->
many of them are false positive and I do not understand what to do about
that, all false positive alerts are only outbound related to remote port 80.
and my question is:
shall I block only inbound directions or both?
if I would block only inbound directions than my comp is not
protected against undetectable trojans which are allready on my
comp wright??
that means protection only against outside scaning or hacker
probing.
there is also no way to allow those conections to port 80 only because then firewall woud have so many rules LOL for example 1000 rules may slow down firewall inspection wright??
also there is no way to make brower rule more inportant than packet filter rule
cos packet filter has higher priority.
please do not sugest my any firewall or AV software or any like that, I just wanna know if blocking inbound packets against trojan ports is enough or shall I block both directions that's all!
any help is wellcome!
sasanet.