Ports will not close?

[CoffeeFiend]

I basically ignored what the OP posted the website was telling him and trying to tackle the basics of the problem. In his initial posts it was made clear he wanted to block FTP (among other types of connections) going out, but was focusing on the inbound (21) port. That was why my focus on the subject changed to stopping the client from connecting to an FTP server.

And meanwhile I've done the complete opposite. I've mostly assumed he wasn't so sure what outbound meant in the first place, and that he was worried by the results on that GRC site and went from there

netstat shows the protocol being used as well as the port

It makes its protocol "guess" based on the TCP destination port (here it's 21 indeed).

[bphlpt]

So now we just need to hear from the OP and find out exactly what his concerns really were and why.

Cheers and Regards

[Tripredacus]

Quoted for reference:

I've tried to block the following ports via Windows Firewall in Windows 7 Ultimate: FTP (#21), SSH (#22), Telnet (#23) as per here, but the ports remain open. What am I doing wrong?

See the original question is that OP wanted to block those ports (21-23) however blocking those ports would only prevent access IF the computer was a Server. As an example, blocking port 21 would prevent OTHER computers from connecting to this computer if an FTP Server was running on it. And why would you install an FTP server with a blocked port 21?

Anyways, I presumed this meant that the OP wanted to prevent the computer from connecting to an FTP server, which would require blocking the outbound ports, not port 21.

[UltimateSilence]

Quoted for reference:

I've tried to block the following ports via Windows Firewall in Windows 7 Ultimate: FTP (#21), SSH (#22), Telnet (#23) as per here, but the ports remain open. What am I doing wrong?

See the original question is that OP wanted to block those ports (21-23) however blocking those ports would only prevent access IF the computer was a Server. As an example, blocking port 21 would prevent OTHER computers from connecting to this computer if an FTP Server was running on it. And why would you install an FTP server with a blocked port 21?

Anyways, I presumed this meant that the OP wanted to prevent the computer from connecting to an FTP server, which would require blocking the outbound ports, not port 21.

You are correct...

[bphlpt]

But the question remains - Why? Was my assumption correct?

I assumed since he was talking about blocking outgoing ftp, if I understood him correctly, that he was concerned for some reason that a nefarious rogue program could get on his system and "call home" or something via ftp, hence the attempts to block the appropriate ports.

And since the outbound ports are assigned dynamically, it doesn't seem you are going to be successful. Do you have a backup plan?

Cheers and Regards

[UltimateSilence]

But the question remains - Why? Was my assumption correct?

I assumed since he was talking about blocking outgoing ftp, if I understood him correctly, that he was concerned for some reason that a nefarious rogue program could get on his system and "call home" or something via ftp, hence the attempts to block the appropriate ports.

And since the outbound ports are assigned dynamically, it doesn't seem you are going to be successful. Do you have a backup plan?

Cheers and Regards

I do not have a backup plan.

But thank you for all of your help!

Edited February 23, 2012 by UltimateSilence