chemwatch

asked on

Port numbers used by Windows Update process

My servers, one win 2K and the other win 2K3 server, both are behind a firewall machine, running web applications. At the firewall, only the essential ports for web site access (eg, ports 80, 8080 and 9080) are allowed to those two servers. Now, I can not run windows updater on any of those servers. Can do it on the firewall machine allright. So, it looks like the firewall has to allow certain port(s) to those two servers. Can you please tell me what are those port numbers are? Thank you.
CrazyOne

Well, here are the ports being used on my machine

IEXPLORE.EXE:2556      TCP      :3058      v4-ori.windowsupdate.microsoft.com:http      ESTABLISHED      
IEXPLORE.EXE:2556      TCP      biscuitheads.attbi.com:3059      v4-ori.windowsupdate.microsoft.com:http      ESTABLISHED      
IEXPLORE.EXE:2556      TCP      :3060      v4-ori.windowsupdate.microsoft.com:http      ESTABLISHED      
IEXPLORE.EXE:2556      TCP      :3061      v4-ori.windowsupdate.microsoft.com:http      ESTABLISHED      
IEXPLORE.EXE:2556      TCP      :3062      v4-ori.windowsupdate.microsoft.com:http      ESTABLISHED      
IEXPLORE.EXE:2556      TCP      .com:3063      v4-ori.windowsupdate.microsoft.com:http      ESTABLISHED      
IEXPLORE.EXE:2556      TCP      :3064      v4-ori.windowsupdate.microsoft.com:http      ESTABLISHED      
ASKER CERTIFIED SOLUTION
Rich Rumble

This solution is only available to members.
IPEye is a freeware TCP port scanner
http://www.ntsecurity.nu/toolbox/ipeye/

Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark

:o) Your brain is like a parachute. It works best when it's open

He wants to know WHAT ports windows update uses, not how to scan another computer. I've checked 3 times since I posted here, and windows update ports change every time; I've not once seen it connect to the same source port, destination is actually 80. Like I said, you'll need to allow connections to v4-ori.windowsupdate.microsoft.com in your firewall... or permit your internal boxes to access the internet via port 80. The downloads are also done on port 80, my first post was a little off... the rule would look like this instead

access-list Two allow tcp host1.your-domain.com any to v4-ori.windowsupdate.microsoft.com 80

If you allow your internal hosts to go to destination port 80, you should be fine. Not sure what firewall you're using... they all operate differently.
-rich
Chatable

Port numbers are relevant only to servers. If you try to connect to another server (rather than listening for connections), Windows automatically selects a random high port (>1024) to establish the connection from.
The only port number relevant is the destination port on the target machine. In this case, Windows Update always uses http (port 80). Sometimes https is also used (port 443).
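Added example, not from the thread: a Python script that parses a netstat listing like CrazyOne's above and derives the egress rule Chatable and Rich describe, keyed on destination host and port only, with the ephemeral source ports collected separately to show why a rule cannot be keyed on them. The sample listing, client.example.com and host1.your-domain.com are constructed placeholders.

```python
import re

# Constructed sample modelled on the netstat listing quoted in the thread;
# client.example.com is a placeholder, not a real host.
SAMPLE = """\
IEXPLORE.EXE:2556  TCP  :3058  v4-ori.windowsupdate.microsoft.com:http  ESTABLISHED
IEXPLORE.EXE:2556  TCP  client.example.com:3059  v4-ori.windowsupdate.microsoft.com:http  ESTABLISHED
IEXPLORE.EXE:2556  TCP  :3060  v4-ori.windowsupdate.microsoft.com:http  ESTABLISHED
IEXPLORE.EXE:2556  TCP  :3061  v4-ori.windowsupdate.microsoft.com:https  ESTABLISHED
"""
SERVICE_PORTS = {"http": 80, "https": 443}
# process   proto   local(host):port   remote(host):port   state
LINE_RE = re.compile(r"^(\S+)\s+(TCP|UDP)\s+(\S*):(\S+)\s+(\S+):(\S+)\s+(\S+)\s*$")

def to_port(token):
    """netstat prints well-known ports by service name; map them back to numbers."""
    return int(token) if token.isdigit() else SERVICE_PORTS[token]

def parse_connections(text):
    """Return (proto, src_port, dst_host, dst_port) for each parsable line."""
    conns = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            _, proto, _, sport, dhost, dport, _ = m.groups()
            conns.append((proto, to_port(sport), dhost, to_port(dport)))
    return conns

def egress_rules(conns):
    """Collapse connections into sorted (proto, dst_host, dst_port) allow tuples.
    The source port is left out on purpose: it is ephemeral and differs on every
    connection, so a rule keyed on it would break on the next update run.
    The set of source ports seen is returned alongside to make that visible."""
    rules = sorted({(proto, host, dport) for proto, _, host, dport in conns})
    return rules, {sport for _, sport, _, _ in conns}

def iptables_lines(rules, server):
    """Render the rules as iptables FORWARD rules for one internal server;
    'server' is whatever address/name the firewall uses for it (assumption)."""
    out = [f"iptables -A FORWARD -p {p.lower()} -s {server} -d {h} --dport {d} -j ACCEPT"
           for p, h, d in rules]
    # Replies arrive on the ephemeral port; let connection tracking admit them.
    out.append("iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT")
    return out

if __name__ == "__main__":
    rules, seen = egress_rules(parse_connections(SAMPLE))
    print("ephemeral source ports seen:", sorted(seen))
    print("\n".join(iptables_lines(rules, "host1.your-domain.com")))
```

Note that iptables resolves a hostname given to `-d` once, when the rule is loaded, so a rule pinned to a Windows Update hostname goes stale when that name moves; allowing the destination port to any host, as Rich suggests, avoids that.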
To some extent... A few services or programs do go out a certain source port, and almost always the destination to a specific port. Windows uses certain source ports and destination ports, especially in AD. It's actually an interesting work-around for their IPSEC "firewall" policies. If you bind a scanner like nmap to src port 88 or 445 and scan a box running windows ipsec firewall, you can see all the ports that are open on that windows box, however if you Nmap the regular way, by using ephemeral ports (1024 to 4999, typically) the scan will reveal only what IPsec lets in. So you see Kerberos uses port 88 as Src and Dst. This is not typical of most applications to use the same src and dst. You're usually concerned with the dst port. http://www.securityfocus.com/infocus/1528
Item E states...
Kerberos – Kerberos is the core authentication protocol used in Windows 2000 and XP. Kerberos traffic uses a TCP and UDP source and destination port 88. It is important to keep in mind that the IPSec exemption for Kerberos traffic is as simple as: if a packet is TCP or UDP, and has a source or destination port equal to 88, then permit the packet unprotected. This exemption can be disabled in Windows 2000 and XP.

Anyway, port 80 as the dst is what you need to allow, either to all hosts, or specific ones.
-rich