Please help with my list....

Posted on 2002-07-29
Last Modified: 2012-08-30
I really appreciate the information that you've provided so here I am again looking for more help. I need help. I have to create a list of most of the more popular file sharing programs and their respective defaulted/common ports. I need to do this to help block these programs from my little network. Can anyone help me? All answers are greatly appreciated.
Question by:sadcomputeruser

Accepted Solution

mbruner earned 65 total points
ID: 7186405

Expert Comment

ID: 7186416
This seems to be fairly complete & usable:

You need to read through the explanations, since this is somewhat geared toward a specific system, but which IPs & ports to block seem fairly well documented.

Expert Comment

ID: 7186963
A two cents worth comment

This is really a less than preferred approach to handling an open ports issue.  Here is why:

One, you are blocking only for the "more popular file sharing programs".  Are you starting with a list of "popular file sharing programs" as of today, or as of 8 months ago, or 2 years, or ???  What if the usage is by a less popular one, will you just think no one will ever use that one so why worry about it?  Or that 'xyx' application won't become the "most popular" by the time you get your list made.  What if it is really evil but not popular, would that make it on the list somewhere?

Two, you are blocking on a port by port basis, assuming that the "commonly" used port is the only port that can be used, which is not the case.  Furthermore, there are around 65 thousand port numbers, most in a range that rarely are seen as common but are equally effective and are certainly open for use unless designated otherwise.  Lots of work to individually "control" each port.

The more common approach, and one which makes more sense, is to put up a strong firewall, blocking ports in general  and only OPEN those ports that are deemed needed for specific authorized applications.  Thus the only entries that would be required are two, maybe three per application.

Just a couple thoughts to consider.

Expert Comment

ID: 7188131
I agree 100% with ITsy.  Locking down everything and opening the ports you use is certainly more secure than the alternative.  This can be very difficult, as you need to baseline and document your network to determine exactly what needs to be allowed.

Of course, it's still nice to know the ports that these programs use, so you can monitor your LAN for attempts to use these programs and then "speak" with the offenders running them.

I guess between us, we got about 4 cents in the pot.  ;-)

Author Comment

ID: 7188892

I understand the essence of what you and mbruner are saying. But, at home I have IMesh, WinMX, AIM, Yahoo Messenger and Microsoft Messenger (.NET) and when I got to the option to use a proxy (if I wanted to use one) one has to know what server to use and with SOCKS 5 you need a password and ID. It gets pretty confusing and complicated from what I see. Even using the port 80 I would have to know the server's name. Now, if I don't know the server's name (and/or ID and password), I cannot change ports right? Plus, is this information on the web? The link is very informative but if I wanted to change ports, I would need way more info than that, right?


Expert Comment

ID: 7189002
I'm confused a little by your latest post, so if I'm explaining something you already know, I apologize in advance.

A Proxy is a server that authenticates users before they are allowed to access certain services on an external network (e.g. http, https traffic).  It also acts as a type of PAT device, in that all allowed outbound traffic is sent with the proxy's IP address information.

In order to use a proxy, you would have to have one installed on your local network.  If you haven't installed one on your network, then you don't need to worry about setting your apps up to use one, nor do you have to worry about using non-standard ports.

If you are trying to get around the proxy or a firewall, then many times you can tunnel your traffic through allowed ports (e.g. port 80).  In the case of a proxy, you usually need a valid username and password on the proxy to access the web with (port 80).

If users are bypassing the firewall or proxy as described above, you can implement IDS solutions to pick out and disallow these types of traffic.  We use ISS Scanner at work and it performs wonderfully.  

Author Comment

ID: 7189055

I'm sorry if I confused you. Remember that I'm a "Sad Computer User" :) This is the list of the P2P's targeted:
KAZAA, GNUTELLA, AIMSTER (madster, whathaveyou), NAPSTER (??), LIMEWIRE, BEARSHARE, GROKSTER, IMESH (:( ), MORPHEUS, WINMX, AUDIOGALAXY, FREENET, HOTLINE and SCOUR (??). These are the 14 P2P applications (for starters) that the guys here are trying to block. These are the ones that they are trying to get port numbers for. These are the ones that are most frequently used here. They want to keep the network available but just want to rid it of all the extra traffic and viral dangers. That's why they didn't want to shut down so many ports (I'm not too tech savvy so, I'm likening the 65K+ ports to nautical ports, like those around San Fran or NYC, am I right? A firewall would equal a Berlin wall of sorts with the ports on the outside and only at certain ports do they have a road leading directly into the "city" via a checkpoint, in the wall.) I put a question mark next to some apps because I thought that they were "unpopular" or fee based. I just wanted to know what ports did these apps use for whatever they do. Then, when you brought up the ability to change ports, now I'm wondering if a citizen in the city can get around the Berlin wall to reach a ship that's not a port with a checkpoint? If they can, exactly how can they do it and if you know of any Web info that details this, like the links you gave me before. You mentioned an IDS solution to this workaround, but I don't know just how it fits into my port/wall/city analogy. Please help. Thanks.

Expert Comment

ID: 7189221
Your analogy is fitting.  I always use one that goes something like this:

Network of IP Addresses = Nation
IP Address = City
Port = Street Address for a Store
Firewall = Guarded wall around nation (your network)
Proxy = Border Patrol
IDS = Military (can be outside or inside firewall)

If you are trying to connect to a specific service on the network (e.g. store within a city), you need to know the server and port number.  

If I don't want users to access a certain service, I check for traffic leaving (or entering) the network.  If it is going to a non-allowed port, then I block it.  In my analogy, if you are going to a store in another nation (or a foreigner is trying to go to that store within my nation) and I don't want you to, I stop you at the wall.

Also, there are some instances when I want to authenticate users before they can access services outside the network.  I could then implement a proxy server.  The proxy would require you to prove who you are before you are allowed to access that service.  I could then keep logs on where you've been, etc.  Also, if I don't want a certain service to be used by you, then I can disallow you access to it through the proxy.  In the analogy, this could be seen like this:  You are trying to leave the city.  The border patrol stops you to check your passport and asks which nation, city and store you are destined for.  If your passport doesn't allow you to access that nation, city or store, you are stopped and the attempt is recorded.

Some applications try to get around proxies and firewalls by disguising themselves as legitimate traffic.  For instance, you can change AIM to use port 80 instead of its default port.  This can fool firewalls and proxies into allowing the traffic.  Firewalls and proxies can combat this on a limited basis by disallowing access to networks or individual IP addresses (e.g. don't allow any traffic to the AIM servers).  Analogy:  I try to exit the nation.  The border patrol and guards at the wall stop me and ask me where I'm going.  I lie to them and tell them that I'm going to a legitimate store in a particular city and nation.  My passport is good for that particular store to any city or nation, so I am allowed.  The only way to be stopped would be if they didn't allow me to go to that particular nation or city, my passport was bad, or the legitimate store I lied about wasn't allowed to be visited.

One way to stop people from taking advantage of lying about the port you are destined for is to examine the actual data being sent.  This is where IDS comes into play.  IDS is primarily used to protect your network from external attacks.  Another value added feature is that it allows you to more closely check traffic leaving the network.  If upon closer inspection, you aren't using the service that is expected to be on that port, the IDS can reset the connection and you are effectively blocked.  Analogy:  You finally get out of the nation by lying about where you are going.  You come upon a military inspection point.  They ask you what you are carrying.  Upon looking at what you've got, they notice telltale signs that show you are not accessing the store you originally told them about in the expected manner.  You are apprehended and sent back to your own nation.  Again, this can be recorded.

Anyway, that's my analogy.  I'm sure there are a zillion different spins.

I doubt this helps much...  The IANA website is where you will find the default ports for most everything.  Search for anything that is missing.
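
The three approaches discussed in this thread (blocking listed default ports, default deny with only needed ports opened, and inspecting the data on an allowed port) can be compared side by side. The following is an added example, not code from any poster in the thread; the flows are constructed, the port list is a small illustrative set of commonly cited defaults, and `ALLOWED_EGRESS` is an assumed baseline for a hypothetical site.

```python
"""Three egress policies applied to the same constructed flows."""

# Commonly cited default ports (illustrative, not a complete or current list).
P2P_DEFAULT_PORTS = {1214: "Kazaa", 6346: "Gnutella", 6699: "Napster/WinMX"}
# Assumption: the ports this hypothetical site baselined as needed.
ALLOWED_EGRESS = {53, 80, 443}
HTTP_METHODS = {b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS"}

# Constructed flows: (label, destination port, first payload bytes).
FLOWS = [
    ("web browsing", 80, b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    ("gnutella, default port", 6346, b"GNUTELLA CONNECT/0.6\r\n"),
    ("gnutella, moved to 80", 80, b"GNUTELLA CONNECT/0.6\r\n"),
    ("unlisted app, high port", 41000, b"\x00\x01\x02\x03"),
]

def blocklist(port, payload):
    """Block only the listed default ports; everything else passes."""
    return "block" if port in P2P_DEFAULT_PORTS else "allow"

def allowlist(port, payload):
    """Default deny: only baselined ports pass."""
    return "allow" if port in ALLOWED_EGRESS else "block"

def looks_like_http(payload):
    """True if the first line has the shape 'METHOD target HTTP/1.x'."""
    parts = payload.split(b"\r\n", 1)[0].split(b" ")
    return len(parts) == 3 and parts[0] in HTTP_METHODS and parts[2].startswith(b"HTTP/1.")

def allowlist_with_inspection(port, payload):
    """Default deny, plus a protocol check on port 80 (the IDS step)."""
    if allowlist(port, payload) == "block":
        return "block"
    if port == 80 and not looks_like_http(payload):
        return "block"
    return "allow"

def evaluate(flows=FLOWS):
    """Return {label: (blocklist, allowlist, allowlist+inspection)}."""
    policies = (blocklist, allowlist, allowlist_with_inspection)
    return {label: tuple(p(port, data) for p in policies) for label, port, data in flows}

if __name__ == "__main__":
    for label, verdicts in evaluate().items():
        print(f"{label:26} blocklist={verdicts[0]:5} allowlist={verdicts[1]:5} inspected={verdicts[2]}")
```

Only the inspected policy stops the flow that was moved to port 80, and only the two default-deny policies stop the unlisted application; port 443 is not inspected here because its payload would normally be encrypted.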

Question has a verified solution.