Blocking specific ports with ZAP

Discussion in 'other firewalls' started by eyespy, Dec 23, 2002.

Thread Status:
Not open for further replies.
  1. eyespy

    eyespy Registered Member

    Joined:
    Feb 20, 2002
    Posts:
    490
    Location:
    Oh Canada !!
    Is it possible to block port 445 specifically with ZAP ?
    Getting a couple of hits on that port these days. Thanks to the Iraq worm ! :mad:

    regards,
    bill :)
     
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,874
    Location:
    New England
    Hi Bill,

    No, ZAP doesn't really have that specific feature...

    If your Internet Zone security level is set to High, than all ports are blocked automatically, except for those you've specifically allowed, either directly in the ZAP > Firewall (panel) > Main (tab) > Internet Zone Security > Custom > "Allow incoming TCP ports: ####", or indirectly by granting server access rights to a program that is listening on that port.

    There is no specific global "block this port" parameter when security for a zone is set to High, but, there is when the security level is at Medium, since the default for most ports when ZAP is at Medium is to not block (the exception being the NetBIOS ports, which are blocked for the Internet Zone even when security is at Medium).

    So, no, there really isn't a place to tell ZAP to always block a specific port, under all conditions, globally, on your system, as you are describing in your question. Running at Medium, just to block a port, that would have been blocked by default at High, hardly seems worth it. ;)

    Of course, you have the option of blocking a port within the scope of a single program if you wish. Say you knew that a specific program, (like Generic Host Process in XP, aka. svchost.exe), was able to listen on port 445, and even though you have NOT been allowing it server rights, you still wanted to ensure it couldn't listen on that port in the Internet Zone, you could go into the advanced program controls and block that, which would be perhaps a safety net, just in case you somehow allowed server rights...

    In the Program Control (panel) > Programs (tab) > Options (for the specific highlighted program, such as svchost.exe), you can block ports via the "Allow access for any port EXCEPT for those checked below" option. (see image below.)

    I don't recommend this as necessary since ZAP is already blocking ports just fine, if configured as I described above, however, similar to my limited allowed access settings for Outlook Express in the "Zone Alarm Plus/Pro Program Options" thread, I suppose you could do this, just to be sure, at least as far as that one program goes.

    Hope this helps,
    LowWaterMark
     

    Attached Files:

  3. eyespy

    eyespy Registered Member

    Joined:
    Feb 20, 2002
    Posts:
    490
    Location:
    Oh Canada !!
    Thanks LWM !
    So by having Internet Zone set to to "high security" this should block port 445 ?

    Thanks and Merry X-Mas !!

    bill ;)
     
  4. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,874
    Location:
    New England
    Yes, at High Security, port 445 will be blocked by ZA unless you specifically allow port 445 by either granting server rights to the process that listens on 445, (in XP, it's svchost - not sure about other OS's at the moment), or specifically allowing that port in the custom firewall screen as noted above.

    ZA automatically blocks ports like 135 (epmap), 445 (microsoft-ds), and all the NetBIOS ports, when security is set at High for the Trusted zone, and at High or Medium for the Internet Zone. (Well, it blocks others too, but you get the point. ;) ).

    Happy Holidays,
    LowWaterMark
     
Loading...
Thread Status:
Not open for further replies.