Re: Effects of Port Blocking on Apps by Steven
Steven
Fri Apr 16 16:33:52 CDT 2004
I think you have it backwards. Ports 80/443 TCP are the outbound ports used for IE web
browsing. Ports above 1023 are the unprivileged ports that can be randomly assigned
as a return port to establish the TCP connection for the client, as shown via
netstat -an when you are connected to the internet. A firewall, whether a
hardware/NAT device at the perimeter or a personal firewall if not used on a LAN, by
default should be blocking ALL uninitiated inbound traffic, and then ideally you can
configure outbound rules, possibly mapped to applications with a personal firewall,
for only allowed access such as the web, DNS, mail, and newsgroups, and the firewall
will dynamically allow only return traffic in response to your outbound requests.
Doing that would also block unauthorized applications/trojans from accessing the
internet. Blocking uninitiated inbound traffic will have no effect on your computer
unless you are hosting a website or such for user access from the internet.

--- Steve
"MoCity" <anonymous@discussions.microsoft.com> wrote in message
news:F81B4E87-56DF-4195-8D79-719510ECBAC2@microsoft.com...
> Hi, I am considering blocking certain ports on my workstation that are well known
> to be used by viruses. For example,
> I could block 2283 which the W32/Dumaru.ad virus listens on.
> I don't expect to be running any servers on this port.
> However, some programs like Internet Explorer occasionally use this port to go
> outbound.
> From what I can tell, Internet Explorer, Outlook, MMC, and other apps seem to just
> try ascending ports and if they can't connect on 2283, they'll connect on 2284. Is that
> true?
> Also, will blocking 2283 or other non-registered ports (i.e. I am not talking about
> port 80) for all communications have bad effects on any Windows/Microsoft programs?
> Thanks.
>
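
The distinction discussed in this thread, a port that appears as the local return port of an outbound connection versus a port something is listening on, can be read directly from `netstat -an` output. The following is an added example, not part of the original posts; the function names are hypothetical and both netstat samples are constructed (Windows column layout, documentation IP addresses).

```python
# Added example: classify local ports from `netstat -an` text.
# Both samples are constructed for illustration.

BROWSING = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:2283      203.0.113.5:80         ESTABLISHED
  TCP    192.168.1.10:2284      203.0.113.5:443        ESTABLISHED
  UDP    0.0.0.0:1026           *:*
"""

LISTENER_ON_2283 = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:2283           0.0.0.0:0              LISTENING
  TCP    192.168.1.10:3051      203.0.113.5:80         ESTABLISHED
"""

def parse(text):
    """Yield (proto, local_port, remote_addr, state) for each socket row."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 3 or f[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        port = int(f[1].rsplit(":", 1)[1])  # rsplit also copes with [::]:135
        # UDP rows carry no state column; a bound UDP port can receive datagrams.
        state = f[3] if len(f) > 3 else "BOUND"
        yield f[0], port, f[2], state

def is_open(state):
    return state in ("LISTENING", "BOUND")

def role_of_port(text, port):
    """Return 'listener', 'client-return-port' or 'unused' for a local port."""
    roles = set()
    for _proto, lport, _remote, state in parse(text):
        if lport == port:
            roles.add("listener" if is_open(state) else "client-return-port")
    if "listener" in roles:
        return "listener"  # an open listener is the case an inbound block matters for
    return roles.pop() if roles else "unused"

def listeners(text):
    """Ports that uninitiated inbound traffic could reach if nothing drops it."""
    return sorted({(p, lp) for p, lp, _r, s in parse(text) if is_open(s)})
```

In the first sample 2283 is only the client side of a connection to port 80, so an inbound block on it changes nothing for the browser; in the second it is a listener, which is what a default-deny inbound rule keeps unreachable.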