Hack 81. Close Down Open Ports and Block Protocols
You don't need a firewall to protect your PC; you can manually close down ports and block certain protocols.
As noted in [Hack #77] and [Hack #78], firewalls can protect your PC and your network from intruders. But if you don't want to use a firewall and you still want protection, you can manually close down ports and block protocols.
Some of these ports and protocols are more dangerous than others. For example, leaving open the port commonly used by Telnet (port 23) means someone could use that service to take control of your PC. And the infamous Back Orifice Trojan, which also can give malicious users complete control of your PC, uses a variety of ports, including 31337 and 31338, among others. For a list of which ports are used by Trojans, go to http://www.sans.org/resources/idfaq/oddports.php.
In this hack, you'll need to know which ports you want to be open on your PC, such as port 80 for web browsing, and you'll close down all others. For a list of common ports, see Table 5-1. For a complete list of ports, go to http://www.iana.org/assignments/port-numbers.
To close down ports and protocols manually, right-click My Network Places and choose Properties to open the Network Connections folder. Right-click the connection for which you want to close ports and choose Properties. Highlight the Internet Protocol (TCP/IP) listing and choose Properties. On the General tab, click the Advanced button. Click the Options tab, highlight "TCP/IP filtering," and choose Properties. The TCP/IP Filtering dialog box appears. To block TCP ports, UDP ports, and IP protocols, choose the Permit Only option for each. Doing this will effectively block all TCP ports, UDP ports, and IP protocols.
You don't want to block all ports, though, so you have to add the ports you want to allow to pass, such as port 80 for web access. You need to keep port 80 open if you want to browse the Web. Click Add to add the ports or protocols you will allow to be used, as shown in Figure 8-26. Keep adding as many ports and protocols as you want to be enabled, and click OK when you're done. Only the ports and protocols that are listed will be allowed to be used.
Figure 8-26. Blocking TCP ports, UDP ports, and IP protocols
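As an added illustration (not from the book), the following PowerShell reads back the settings the dialog above writes and shows the programmatic equivalent of permitting only TCP port 80, so you can verify what is actually allowed after applying the hack. It assumes Windows XP/2003 with PowerShell installed and an administrative prompt, and uses the Win32_NetworkAdapterConfiguration WMI class, in which "Permit All" is represented by a list containing "0".

```powershell
# Added example (not from the book): read back and set the TCP/IP Filtering
# configuration that the dialog above edits, using the WMI class
# Win32_NetworkAdapterConfiguration. Assumes Windows XP/2003 with PowerShell
# installed, run from an Administrator prompt.

function Format-PermitList([string[]]$list) {
    # WMI represents the dialog's choices as follows: an empty list is
    # "Permit Only" with nothing listed (everything blocked); a list that
    # contains "0" is "Permit All"; anything else is the Permit Only entries.
    if ($null -eq $list -or $list.Count -eq 0) { return 'Permit Only (nothing allowed)' }
    if ($list -contains '0')                  { return 'Permit All' }
    return 'Permit Only: ' + ($list -join ', ')
}

function Show-TcpIpFilter {
    $adapters = Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
    foreach ($a in $adapters) {
        Write-Host ''
        Write-Host $a.Description
        Write-Host ('  Filtering enabled: {0}' -f $a.IPFilterSecurityEnabled)
        Write-Host ('  TCP ports        : {0}' -f (Format-PermitList $a.IPSecPermitTCPPorts))
        Write-Host ('  UDP ports        : {0}' -f (Format-PermitList $a.IPSecPermitUDPPorts))
        Write-Host ('  IP protocols     : {0}' -f (Format-PermitList $a.IPSecPermitIPProtocols))
    }
}

# Programmatic equivalent of the hack's own example: turn filtering on and allow
# only TCP port 80 (web browsing) and no UDP ports, leaving IP protocols at
# Permit All. Return code 0 = applied, 1 = applied but a reboot is required.
function Set-WebOnlyFilter {
    $rc = ([wmiclass]'Win32_NetworkAdapterConfiguration').EnableIPFilterSec($true)
    Write-Host ('EnableIPFilterSec returned {0}' -f $rc.ReturnValue)
    $adapters = Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
    foreach ($a in $adapters) {
        # Parameter order: TCP ports, UDP ports, IP protocols ("0" = Permit All)
        $rc = $a.EnableIPSec([string[]]@('80'), [string[]]@(), [string[]]@('0'))
        Write-Host ('{0}: EnableIPSec returned {1}' -f $a.Description, $rc.ReturnValue)
    }
}

Show-TcpIpFilter
# Set-WebOnlyFilter   # uncomment to apply; reboot afterwards if the return code asks for it
```

Run Show-TcpIpFilter again after a reboot to confirm that each adapter reports Permit Only with just the ports you added in the dialog.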
Keep in mind that Internet applications and services use hundreds of TCP and UDP ports. If, for example, you enable only web access, you won't be able to use all other Internet resources, such as FTP, email, file sharing, listening to streaming audio, viewing streaming video, and so on. So, use this hack only if you want your PC to use a very limited number of Internet services and applications.