Don't you think it would be better to turn off those ports on the router? It's always better to close those ports off before you get to the machine. I'm assuming that router supports that option. It would be a pretty horrible one not to. Also remember that when behind a router, you have the nifty advantage of being behind a little feature called NAT (Network Address Translation). What that means is that the router has to know where to send the packet. So if you block ports 21, 25, and 80, and a request to one of those ports comes in to your router, it knows to drop the packet instead of forwarding it on. Also remember that if the router doesn't know where to forward the packet, it will just drop it. It's not exactly easy to telnet into a machine behind a NAT "firewall" unless the router is set to forward requests on port 21 to that machine. The same applies to FTP, HTTP, or basically any other kind of request. So just block all ports that you never use, and you basically have eliminated somebody's chances of even getting past your router. At that point, their only choice is to come in through one of the few ports you have left open, and they still have to get through NAT. If they actually make it that far, they still have your software firewall to contend with. As for that, I don't know how good Norton Personal Firewall is, but if you're feeling experimental, try Tiny. It's freeware, so you don't have to pay for it. You can get it here. I used it before I got fed up with Windows, and it worked beautifully.





Another suggestion about locking down your box would be to get rid of Windows. Show me a Windows box, and I'll show you a hack waiting to happen. Just by installing something like Linux or BSD, you automatically make yourself immune to almost all viruses, the vast majority of script kiddie attacks, and end up with fewer vulnerabilities for real hackers to exploit.