PREVENT YOUR COMPUTER FROM BEING A SPAM-BOT USING PORT-BLOCKING ON YOUR ROUTER
Along with building new computers and selling customized software solutions, I am often faced with the task for which Ruggiero AV Services was originally created - repairing computers for friends, family members, and clients. Most of the time these repairs are not hardware-related, but rather related to the operating system (read: Windows). And being that Windows has a fair amount of the market share, with Mac OS being a close second, most of my software-related fixes include malware removal. Sometimes I don't know what specific malware I am dealing with UNTIL I run an anti-spyware and/or anti-virus scan, and most of the time that includes connecting the problem machine to my private network so that I can update the latest definitions, and then run a scan knowing I'll detect the latest threats. The problem is, malware may use the window of time a given system is connected to a network to spread. While I haven't had a virus transfer itself from a client's "infected" computer to one of my own via my private network, twice I have had "public network" issues after repairing a machine, most notably in the area of e-mail.
My personal ISP happens to be Comcast Cable; when this business began, its services also ran off this provider. Ruggiero AV Services now utilizes a dedicated and isolated multi-server network in multiple geographic locations, so we are not tied to one ISP. However, the fact that I have Comcast for personal use plays into the e-mail issue I describe. At least two times, a piece of malware on a client computer contained a built-in mail server, which instantly spewed out multiple SPAM e-mails without my knowledge. This stopped my ability to send outgoing e-mail through Comcast's mail servers.
Some tech-savvy friends may be thinking, yeah, so just change your outgoing mail servers to ones that are not Comcast-run; and I would - also, Comcast themselves offers a workaround to continue using their servers. I'll explain in a second. What Comcast ends up doing if they think you are a spam-bot is to shut off your ability to send ANYTHING over OUTGOING MAIL PORT 25. This applies even on servers that are NOT run by Comcast. The theory is that most malware sends bogus mail on that common port, so by blocking it at the network level, they are stopping the spread of the malware itself. If you want to continue using Comcast for outgoing mail, you must set your outgoing mail port to 587.
It was only recently that I successfully discovered and implemented my OWN version of what Comcast did to me. After calling their "security" department and explaining myself, I was able to get my ability to send over port 25 restored. Then, I diligently went to work investigating the settings of my home network router. My trick will NOT help you if you are a single-computer user with your modem hooked directly into your machine, but if you do have a router, the idea is to look into the settings that control access to the network or port blocking. This is not the same as port forwarding, although the port-blocking or access control settings may be in the same area as your port forwarding section.
PRE-REQUISITES:
1. You must have a fairly recent router - not all support access control.
2. Your computers must be set for DHCP and have "reservations" set up in the router's configuration. This may work with static IP addresses, but a DHCP reservation is easier to work with, as you will see later.
3. You must have a limited DHCP scope to assign to "visiting" computers.
I am going to go over the steps to set up the D-Link DIR-655 router for personal port blocking.
1. Log into the router with the admin user and password.
2. At the top, click SETUP, then NETWORK SETTINGS.
Make sure the DHCP server is enabled. Set the last digits in the range from 10 to 15. For example, if your router's address is 192.168.0.1, the DHCP server range should be 192.168.0.10 - 192.168.0.15. That's assuming you have LESS THAN 5 computers. It can be more or less. Always increment the number by one or two to allow for additions later.
3. Restart all connected computers and return to the D-Link router setup pages. You should see your computers listed under DHCP Clients.
4. Click RESERVE, and adjust any settings in the DHCP RESERVATION section. Save your settings, and reboot the router.
5. Once all of your network computers have a reserved IP address, we can move to setting up access control. Click ADVANCED at the top, and ACCESS CONTROL on the left. The policy table will be empty, not showing any machines, unlike what you see below.
6. Click ENABLE ACCESS CONTROL, then ADD POLICY.
7. Click NEXT, then type a short policy name - for example PORT25 BLOCK.
8. Click NEXT, keep the policy schedule at ALWAYS and click NEXT again.
9. Under ADDRESS TYPE click OTHER MACHINES, click OK, and click NEXT.
10. Choose BLOCK SOME ACCESS, APPLY PORT FILTERS and click NEXT.
11. Enable the first check box. Under NAME, put Port 25.
12. Keep the IP range the way it is, and change the protocol to TCP.
13. Change DEST PORT START and DEST PORT END to 25. Click SAVE.
Now we have essentially blocked outgoing TCP port 25 from ALL computers on our network. If that is your intention, you may stop here. However, if you wish to override the block for certain machines, follow the example below.
To test your settings, use the following at a command prompt:
telnet smtp.comcast.net 25
On your "reserved" computers, you should get a response in the form of a single line that shows where the server is coming from. For example:
220 OMTA05.comcast.net comcast ESMTP server ready
On ANY OTHER MACHINE you connect, like a friend's machine, the request should TIME OUT or not connect at all. This is what you want. This way you may continue to use your [hopefully protected] computers as normal, but any new machines will not be able to access port 25. If you add new machines to your LAN that you WANT to access port 25, you'll need to add a reservation, and add the computer to the PORT 25 OVERRIDE policy.
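The telnet test above can be scripted so you can run the same check from a reserved machine and from a "visiting" one and compare the two. This is an added example, not part of the original page: it connects to ports 25 and 587 the way telnet does, reads the 220 greeting, and classifies each port as open, closed (refused), or filtered (timed out, which is what the router's port block looks like). The fake SMTP listener at the bottom is a constructed stand-in so the code can be exercised offline; smtp.comcast.net is the host the page tests against.

```python
import socket
import threading

def parse_smtp_greeting(line):
    """Return the server name from an SMTP '220 <host> ...' greeting, or None."""
    parts = line.strip().split()
    if len(parts) < 2 or parts[0] != "220":
        return None
    return parts[1]

def probe_smtp(host, port, timeout=5.0):
    """Do what 'telnet host port' does and classify the outcome:
    ("open", server)  - connected and got a 220 greeting
    ("closed", None)  - connection actively refused
    ("filtered", None)- no answer within the timeout (a router block looks like this)
    ("error", text)   - anything else (DNS failure, no route, ...)"""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return ("filtered", None)
    except ConnectionRefusedError:
        return ("closed", None)
    except OSError as exc:
        return ("error", str(exc))
    with sock:
        try:
            banner = sock.recv(512).decode("ascii", "replace")
        except OSError:
            banner = ""           # connected, but the server never greeted us
    return ("open", parse_smtp_greeting(banner))

def check_relay_ports(host, timeout=5.0):
    """Probe 25 (blocked by the policy) and 587 (the Comcast workaround) side by side."""
    return {port: probe_smtp(host, port, timeout) for port in (25, 587)}

# --- constructed test fixtures so the functions above can run offline ---
def free_local_port():
    """Pick a port on 127.0.0.1 that nothing is listening on (gives the 'closed' case)."""
    with socket.socket() as tmp:
        tmp.bind(("127.0.0.1", 0))
        return tmp.getsockname()[1]

def start_fake_smtp(greeting="220 mail.example.test ESMTP server ready\r\n"):
    """One-shot local listener that sends a 220 greeting; returns the port it is on."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(greeting.encode())
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    for port, (state, detail) in check_relay_ports("smtp.comcast.net").items():
        print(f"port {port}: {state} {detail or ''}")
```

Run it once from a reserved computer (expect 25 open) and once from any other machine (expect 25 filtered), and confirm 587 stays open from both.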