How to block all internet traffic on one computer on home network.

TearsOnTheKeyboard

Commendable
Feb 18, 2016
2
0
1,510
But still need access to files between computers. Post in another thread recommended blocking ports for that computer. Went into router setup but do not see how to do that. And my understanding of ports etc is limited.

If this helps - PC in question is still running XP, other pcs on network running win7 and 10. And they are all wired, not wifi,

Hope you can help
Thanks
BC

 
Solution
Hmm- are you using the default WFP? If so Microsoft says this about what ports are used:
The following ports are associated with file sharing and server message block (SMB) communications:
Microsoft file sharing SMB: User Datagram Protocol (UDP) ports from 135 through 139 and Transmission Control Protocol (TCP) ports from 135 through 139.
Direct-hosted SMB traffic without a network basic input/output system (NetBIOS): port 445 (TCP and UPD).
-Microsoft
So, blocking 404 and 443 will eliminate most internet traffic, and the best would be to block all ports but those listed and the network protocol ports. As for how to do so, it depends on your router. If you are using the same router your ISP gave you it is doubtful.
I assume you want to keep the XP computer off the internet because Microsoft is no longer providing support (security updates) for that version. Why don't you just uninstall any and all internet browsers from that computer? That would prevent someone clicking on something that contains a virus or malware. I don't know about incoming attacks though.
 
Hmm- are you using the default WFP? If so Microsoft says this about what ports are used:
The following ports are associated with file sharing and server message block (SMB) communications:
Microsoft file sharing SMB: User Datagram Protocol (UDP) ports from 135 through 139 and Transmission Control Protocol (TCP) ports from 135 through 139.
Direct-hosted SMB traffic without a network basic input/output system (NetBIOS): port 445 (TCP and UPD).
-Microsoft
So, blocking 404 and 443 will eliminate most internet traffic, and the best would be to block all ports but those listed and the network protocol ports. As for how to do so, it depends on your router. If you are using the same router your ISP gave you it is doubtful.
 
Solution

kyzarvs

Distinguished
Uninstall all other browsers, in control panel internet connection, LAN (from memory, probably miles off) set the proxy to be something other than the gateway - this will break browser connection. Sharing files etc still needs a Gateway at IP level to be reliable, so I wouldn't use that. Depending on the quality of your router you may be able to set different settings for that machine through there (I used to do this with my son's PC - his DHCP profile directed him to a different gateway to the rest of the network that was a VM that shut down at night so he'd go to bed!)

If you do get back to port blocking, you need 80 (normal web) and 443 (https) + whatever else you think is required (Remote Desktop, Skype etc etc)
 

Caleb323

Honorable
Jul 28, 2013
21
0
10,520



You could uninstall all browsers and then go into Windows Features and disable Internet Explorer. Here's a link on how to get to Windows Features - link
 

TearsOnTheKeyboard

Commendable
Feb 18, 2016
2
0
1,510
Wow - great responses.
@mjslakeridge - XP isn't the issue. I've noticed a lot of disk activity lately and just want to block any possible evil traffic until I retire it in a couple of months.
And I like to limit connectivity as a general rule.
@computersecurityguy - I'm afraid your shooting over my head. Not sure where I would find those settings.
My knowledge in this area is limited.
[[rant]] why the heck isn't there a simple switch in the control panel that allows local traffic only? [[end rant]]
@emerald - I'll try this first and report back.

Thanks