  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 234

Ports allowed for Outlook Express

Hey Guys,
Simple question hopefully.
I am doing some testing on some firewalls and have a question regarding Outlook Express.
I am running Ethereal to see exactly what is going over the line and to what ports. OE talks out on 110 retrieving mail, but then the outside server usually responds on a 25xx port. I know this is common because the computer issues another port to continue the conversation on. How does this affect how you are setting up your firewall? Shouldn't the conversation bomb out because of the 25xx ports being used?
Thanks a million.

Asked: Premiernc

1 Solution

Bembi (CEO) Commented:
Any TCP/IP connection is initiated by an initiating port and a response port. The response port is usually a port from the non-reserved pool. If you see in your firewall logs a communication with local port 25xx and remote port 110, that means that your server or client has established a connection with the remote server. As port 110 is reserved and may be used by your own system, the remote server cannot respond on the same port; usually it takes a port offered by your own server/client (25xx). Within your log file, you can see that the ports increase, e.g. 2510 for the first request, 2511 for the second and so on, as long as ports are available.

As your firewall knows the established ports for this single connection, the firewall is able to handle this. That means that there is no need for any additional setting, as these ports can only be used for this dedicated connection. As long as the port is used, no other application can make a request to the local port (25xx), as it is dedicated to this connection and used as long as the connection is open. If the connection closes, the port is also closed and your firewall does not allow anybody else to use it.

The configuration is made in such a way that you allow port 110 for outgoing requests and any port for the corresponding answers. This is usually done within the same protocol definition. This means that only the remote server which gets a request on port 110 can answer the request (on any port), but it cannot make a request of its own.

If you are unsure whether your firewall is safe, you can test it by using

Shields UP
https://grc.com/x/ne.dll?bh0bkyd2

Premiernc (Author) Commented:
Thanks for the info. I also imagine that your firewall has to be stateful in order to dedicate the port to the current application, is this correct? Thanks again.

Bembi (CEO) Commented:
If an application establishes a connection to a remote system, the firewall usually has nothing to do (in the first step) with any used port ranges. This is an agreement between the initiating application and the remote server. If your application initiates a connection on port 110, it usually offers a port range for the response, from which one free port is chosen, or it accepts any port. As long as the connection is established, no other application can use these (two) ports, as TCP/IP does not allow that. This is the reason why you have to set up your firewall e.g. for port 110 local outgoing and any port remote for response. As every connection gets a session-ID, the firewall knows which session is allowed to answer, which is only the session originally initiated on port 110. The other ports out of the port range are obsolete, therefore free for other communication, but not open from outside.

Hope this answers your second question?
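
Added example, not part of the original thread: a toy Python model of the stateful filtering discussed above, where a single outbound rule for port 110 creates a per-connection entry so that replies to the client's 25xx port pass while unsolicited traffic to the same port is dropped. The class, addresses and packet trace are constructed for illustration; real firewalls also track sequence numbers and idle timeouts.

```python
from collections import namedtuple

# Constructed model of a stateful filter; addresses are documentation ranges.
Packet = namedtuple("Packet", "src sport dst dport flags")

class StatefulFirewall:
    """Toy connection tracker: one rule (outbound TCP to allowed ports) plus state."""

    def __init__(self, inside_hosts, allowed_out_ports):
        self.inside = set(inside_hosts)
        self.allowed_out = set(allowed_out_ports)
        self.state = {}  # (client, cport, server, sport) -> sides that sent FIN

    def filter(self, p):
        outbound = p.src in self.inside
        key = ((p.src, p.sport, p.dst, p.dport) if outbound
               else (p.dst, p.dport, p.src, p.sport))
        if key not in self.state:
            # Only an outbound SYN to an allowed port may create an entry.
            if not (outbound and p.dport in self.allowed_out and p.flags == {"SYN"}):
                return "DROP"
            self.state[key] = set()
            return "ACCEPT"
        # Tracked connection: pass the packet, then update teardown state.
        if "RST" in p.flags:
            del self.state[key]
        elif "FIN" in p.flags:
            self.state[key].add("out" if outbound else "in")
            if len(self.state[key]) == 2:  # simplification: no TIME_WAIT timer
                del self.state[key]
        return "ACCEPT"

def demo():
    client, server, other = "192.168.1.10", "203.0.113.5", "198.51.100.7"
    fw = StatefulFirewall({client}, {110})
    trace = [
        Packet(server, 110, client, 2510, {"SYN", "ACK"}),  # nothing tracked yet
        Packet(client, 2510, server, 110, {"SYN"}),         # OE opens POP3 session
        Packet(server, 110, client, 2510, {"SYN", "ACK"}),  # reply to tracked flow
        Packet(other, 110, client, 2510, {"ACK"}),          # different remote host
        Packet(server, 110, client, 2511, {"SYN"}),         # same host, other port
        Packet(client, 2510, server, 110, {"RST"}),         # client tears down
        Packet(server, 110, client, 2510, {"ACK"}),         # late packet, no state
    ]
    return [fw.filter(p) for p in trace]

if __name__ == "__main__":
    print(demo())
```

A stateless filter would need a standing "allow inbound to ports above 1023" rule to pass the same replies, which would also pass the packets this model drops.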