

Please help with my list....

Posted on 2002-07-29
Medium Priority
Last Modified: 2012-08-30
I really appreciate the information that you've provided so here I am again looking for more help. I need help. I have to create a list of most of the more popular file sharing programs and their respective defaulted/common ports. I need to do this to help block these programs from my little network. Can anyone help me? All answers are greatly appreciated.
Question by:sadcomputeruser

Accepted Solution

mbruner earned 195 total points
ID: 7186405

Expert Comment

ID: 7186416
This seems to be fairly complete & usable:

You need to read through the explanations, since this is somewhat geared toward a specific system, but which IPs & ports to block seem fairly well documented.

Expert Comment

ID: 7186963
A two cents worth comment

This is really a less than preferred approach to handling an open ports issue.  Here is why:

One, you are blocking only for the "more popular file sharing programs".  Are you starting with a list of "popular file sharing programs" as of today, or was 8 months ago, or 2 years, or ???  What if the usage is by a less popular one, will you just think no one will ever use that one so why worry about it?  Or that 'xyx' application won't become the "most popular" by the time you get your list made.  What if it is really evil but not popular, would that make it on the list somewhere?

Two, you are blocking on a port by port basis, assuming that the "commonly" used port is the only port that can be used, which is not the case.  Furthermore, there are around 65 thousand port numbers, most in a range that are rarely seen as common but are equally effective and are certainly open for use unless designated otherwise.  Lots of work to individually "control" each port.

The more common approach, and one which makes more sense, is to put up a strong firewall, blocking ports in general and only OPEN those ports that are deemed needed for specific authorized applications.  Thus the only entries that would be required are two, maybe three per application.

Just a couple thoughts to consider.

Expert Comment

ID: 7188131
I agree 100% with ITsy.  Locking down everything and opening the ports you use is certainly more secure than the alternative.  This can be very difficult, as you need to baseline and document your network to determine exactly what needs to be allowed.

Of course, it's still nice to know the ports that these programs use, so you can monitor your LAN for attempts to use these programs and then "speak" with the offenders running them.

I guess between us, we got about 4 cents in the pot.  ;-)

Author Comment

ID: 7188892

I understand the essence of what you and mbruner are saying. But, at home I have IMesh, WinMX, AIM, Yahoo Messenger and Microsoft Messenger (.NET) and when I got to the option to use a proxy (if I wanted to use one) one has to know what server to use and with SOCKS 5 you need a password and ID. It gets pretty confusing and complicated from what I see. Even using the port 80 I would have to know the server's name. Now, if I don't know the server's name (and/or ID and password), I cannot change ports right? Plus, is this information on the web? The Iana.org link is very informative but if I wanted to change ports, I would need way more info than that, right?


Expert Comment

ID: 7189002
I'm confused a little by your latest post, so if I'm explaining something you already know, I apologize in advance.

A Proxy is a server that authenticates users before they are allowed to access certain services on an external network (e.g. http, https traffic).  It also acts as a type of PAT device, in that all allowed outbound traffic is sent with the proxy's IP address information.

In order to use a proxy, you would have to have one installed on your local network.  If you haven't installed one on your network, then you don't need to worry about setting your apps up to use one, nor do you have to worry about using non-standard ports.

If you are trying to get around the proxy or a firewall, then many times you can tunnel your traffic through allowed ports (e.g. port 80).  In the case of a proxy, you usually need a valid username and password on the proxy to access the web with (port 80).

If users are bypassing the firewall or proxy as described above, you can implement IDS solutions to pick out and disallow these types of traffic.  We use ISS Scanner at work and it performs wonderfully.  

Author Comment

ID: 7189055

I'm sorry if I confused you. Remember that I'm a "Sad Computer User" :) This is the list of the P2P's targeted:
KAZAA, GNUTELLA, AIMSTER (madster, whathaveyou), NAPSTER (??), LIMEWIRE, BEARSHARE, GROKSTER, IMESH (:( ), MORPHEUS, WINMX, AUDIOGALAXY, FREENET, HOTLINE and SCOUR (??). These are the 14 P2P applications (for starters) that the guys here are trying to block. These are the ones that they are trying to get port numbers for. These are the ones that are most frequently used here. They want to keep the network available but just want to rid it of all the extra traffic and viral dangers. That's why they didn't want to shut down so many ports (I'm not too tech savvy so, I'm likening the 65K+ ports to nautical ports, like those around San Fran or NYC, am I right? A firewall would equal a Berlin wall of sorts with the ports on the outside and only at certain ports do they have a road leading directly into the "city" via a checkpoint, in the wall.) I put a question mark next to some apps because I thought that they were "unpopular" or fee based. I just wanted to know what ports did these apps use for whatever they do. Then, when you brought up the ability to change ports, now I'm wondering if a citizen in the city can get around the Berlin wall to reach a ship that's not at a port with a checkpoint? If they can, exactly how can they do it and if you know of any Web info that details this, like the links you gave me before. You mentioned an IDS solution to this workaround, but I don't know just how it fits into my port/wall/city analogy. Please help. Thanks.

Expert Comment

ID: 7189221
Your analogy is fitting.  I always use one that goes something like this:

Network of IP Addresses = Nation
IP Address = City
Port = Street Address for a Store
Firewall = Guarded wall around nation (your network)
Proxy = Border Patrol
IDS = Military (can be outside or inside firewall)

If you are trying to connect to a specific service on the network (e.g. store within a city), you need to know the server and port number.  

If I don't want users to access a certain service, I check for traffic leaving (or entering) the network.  If it is going to a non-allowed port, then I block it.  In my analogy, if you are going to a store in another nation (or a foreigner is trying to go to that store within my nation) and I don't want you to, I stop you at the wall.

Also, there are some instances when I want to authenticate users before they can access services outside the network.  I could then implement a proxy server.  The proxy would require you to prove who you are before you are allowed to access that service.  I could then keep logs on where you've been, etc.  Also, if I don't want certain service to be used by you, then I can disallow you access to it through the proxy.  In the analogy, this could be seen like this:  You are trying to leave the city.  The border patrol stops you to check your passport and asks which nation, city and store you are destined for.  If your passport doesn't allow you to access that nation, city or store, you are stopped and the attempt is recorded.

Some applications try to get around proxies and firewalls by disguising themselves as legitimate traffic.  For instance, you can change AIM to use port 80 instead of its default port.  This can fool firewalls and proxies into allowing the traffic.  Firewalls and proxies can combat this on a limited basis by disallowing access to networks or individual IP addresses (e.g. don't allow any traffic to the AIM servers).  Analogy:  I try to exit the nation.  The border patrol and guards at the wall stop me and ask me where I'm going.  I lie to them and tell them that I'm going to a legitimate store in a particular city and nation.  My passport is good for that particular store to any city or nation, so I am allowed.  The only way to be stopped would be if they didn't allow me to go to that particular nation or city, my passport was bad, or the legitimate store I lied about wasn't allowed to be visited.

One way to stop people from taking advantage of lying about the port you are destined for is to examine the actual data being sent.  This is where IDS comes into play.  IDS is primarily used to protect your network from external attacks.  Another value added feature is that it allows you to more closely check traffic leaving the network.  If upon closer inspection, you aren't using the service that is expected to be on that port, the IDS can reset the connection and you are effectively blocked.  Analogy:  You finally get out of the nation by lying about where you are going.  You come upon a military inspection point.  They ask you what you are carrying.  Upon looking at what you've got, they notice telltale signs that show you are not accessing the store you originally told them about in the expected manner.  You are apprehended and sent back to your own nation.  Again, this can be recorded.

Anyway, that's my analogy.  I'm sure there are a zillion different spins.

I doubt this helps much...  The IANA website is where you will find the default ports for most everything.  Search www.google.com for anything that is missing.
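The three filtering strategies the answers above contrast, as an added example that is not part of the thread: a block-list of P2P default ports, a default-deny allow-list, and default-deny plus an IDS-style check that what leaves on port 80 is really HTTP. The flows, payload bytes and the allowed-port set are constructed for the demo (the block-list uses the well-known defaults of Kazaa, Gnutella and WinMX purely as illustration).

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    name: str          # label for the demo only; a real filter never sees this
    dst_port: int
    first_bytes: bytes  # first bytes the client sent on the connection


# Constructed sample traffic (not captures). Port 1214 is Kazaa's well-known
# default; the "moved" port and all payload bytes are made up for the demo.
SAMPLE_FLOWS = [
    Flow("kazaa-default-port", 1214, b"\x00\x01\x02\x03"),
    Flow("kazaa-moved-port", 4444, b"\x00\x01\x02\x03"),
    Flow("aim-on-port-80", 80, b"\x2a\x01\x00\x00\x00\x0a"),
    Flow("web-browser", 80, b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n"),
    Flow("mail-client", 25, b"EHLO client\r\n"),
]

P2P_BLOCK_PORTS = {1214, 6346, 6699}   # Kazaa, Gnutella, WinMX defaults (illustrative block-list)
ALLOWED_PORTS = {25, 53, 80, 443}      # assumed set of ports the site authorised
HTTP_REQUEST = re.compile(rb"^(GET|POST|HEAD) /\S* HTTP/1\.[01]\r\n")


def block_list(flow: Flow) -> str:
    """Block the known P2P ports, allow everything else (the approach asked about)."""
    return "deny" if flow.dst_port in P2P_BLOCK_PORTS else "allow"


def default_deny(flow: Flow) -> str:
    """Allow only the authorised ports, deny the rest (the approach recommended)."""
    return "allow" if flow.dst_port in ALLOWED_PORTS else "deny"


def default_deny_with_inspection(flow: Flow) -> str:
    """Default-deny, plus an IDS-style check that port 80 really carries HTTP."""
    if default_deny(flow) == "deny":
        return "deny"
    if flow.dst_port == 80 and not HTTP_REQUEST.match(flow.first_bytes):
        return "reset"   # the IDS resets a port-80 connection whose payload is not HTTP
    return "allow"


def evaluate(policy, flows=SAMPLE_FLOWS) -> dict:
    """Map each sample flow to the verdict a given policy gives it."""
    return {f.name: policy(f) for f in flows}


if __name__ == "__main__":
    for policy in (block_list, default_deny, default_deny_with_inspection):
        print(policy.__name__, evaluate(policy))
```

Running it shows the block-list letting the moved P2P client through, default-deny stopping it but still passing AIM tunnelled on port 80, and only the payload check catching that last case.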
