Some of the malware use special ports to connect to the infected computers. For example, the ports 5400, 5401 and 5402 are used by the Blade Runner malware. Similalry, the backdoor trojan SubSeven uses ports 6711, 6712 and 6713 to connect to your computer. For security reasons you may want to block access to such ports of your computer. You can use Windows Firewall to block access to such ports of your system. You can block a port in the Windows Firewall using the steps shown below :
In these steps, we are going to block the ports 5400, 5401 and 5402 as an example.
- Press the key combination Windows logo key + R on your keyboard to open the Run dialog. Type wf.msc in the Run dialog and press Enter. This would open the Windows Firewall with Advanced Secruity window.
- The Windows Firewall window has a list of rules in the left side. Inbound rules are used when an external computer connects to a port on your local computer. Click on the Inbound Rules in the this list on the left side to select the inbound rules section.
- Click on the New Rule… on the right side of the Windows Firewall window. Alternatively, you can also select Action → New Rule from the menubar. This would open the New Inbound Rule Wizard window.
- In the wizard, select Port as the new Rule Type and click Next,
- You have to select whether you want to open a TCP port or a UDP port. We are going to block ports used by the Blade Runner malware which uses TCP ports. So we would be selecting TCP port in this example. Then click on Specific local ports. Then choose one port like 5400, or a range of ports like 5400-5402 (all ports from 5400 to 5402). You can separate ports by a comma. The protocol type (TCP or UDP) and the number of port(s) depends on the program you are blocking ports for. Click Next to continue.
- Select Block the connection as the Action and click Next.
- Windows Firewall uses different profiles for different types of connections. In this step, select all options (Domain, Private and Public) to make sure the port is blocked in all the profiles. Click Next to continue.
- You have to give a name to the new rule. You can type any name you like. For this example, we would use Block malware ports for the new rule. You can also type a description of the new rule but it is not necessary. Then click the Finish button to finalize the rule.
- That’s it. You have successfully created a new inbound rule to block some ports of your computer. You can use the same instructions to block any port or port range on your computer.