Solved

Ports allowed for Outlook Express

Posted on 2004-04-07
Last Modified: 2010-04-09
Hey Guys,
Simple question hopefully.
I am doing some testing on some firewalls and have a question regarding Outlook Express.
I am running Ethereal to see exactly what is going over the line and to what ports. OE talks out on 110 retrieving mail but then the outside server responds on a 25xx port usually. I know this is common because the computer issues another port to continue the conversation on. How does this affect how you are setting up your firewall? Shouldn't the conversation bomb out because of the 25xx ports being used?
Thanks a million.
Question by:Premiernc
LVL 35

Expert Comment

by:Bembi
ID: 10797722
Any TCP/IP connection is initiated by an initiating port and a response port. The response port is usually a port from the non-reserved pool. If you see in your firewall logs a communication with local port on 25xx and remote port on 110, that means that your server or client has established a connection with the remote server. As the 110 port is reserved and may be used by your own system, the remote server cannot respond on the same port; usually it takes a port offered by your own server/client (25xx). Within your log file, you can see that the ports will rise, i.e. 2510 for the first request, 2511 for the second and so on, as long as ports are available.

As your firewall knows the established ports for this single connection, the firewall is able to handle this. That means that there is no need for any additional setting, as these ports can only be used for this dedicated connection. As long as the port is used, no other application can make a request to the local port (25xx), as it is dedicated to this connection and used as long as the connection is open. If the connection closes, the port is also closed and your firewall does not allow anybody else to use it.

The configuration is made in such a way that you allow port 110 for outgoing requests and any port for the corresponding answers. This is usually made within the same protocol definition. This means that only the remote server which gets a request on port 110 can answer the request (on any port), but cannot make a request of its own.

If you are unsure whether your firewall is safe, you can test it by using

Shields UP
https://grc.com/x/ne.dll?bh0bkyd2
 
LVL 1

Author Comment

by:Premiernc
ID: 10805699
Thanks for the info. I also imagine that your firewall has to be stateful in order to dedicate the port to the current application, is this correct? Thanks again.
 
LVL 35

Accepted Solution

by:
Bembi earned 1000 total points
ID: 10806071
If an application establishes a connection to a remote system, the firewall usually has nothing to do (in the first step) with any used port ranges. This is an agreement between the initiating application and the remote server. If your application initiates a connection on port 110, it usually offers a port range for response, from which one free port is chosen, or it accepts any port. As long as the connection is established, no other application can use these (two) ports, as TCP/IP does not allow that. This is the reason why you have to set up your firewall i.e. for port 110 local outgoing and any port remote for response. As every connection gets a session-ID, the firewall knows which session is allowed to answer, which is only the session originally initiated on port 110. The other ports out of the port range are obsolete, therefore free for other communication, but not open from outside.

Hope this answers your second question?
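Added example, not part of the original thread: a toy stateful filter showing why a reply to the client's 25xx port passes only while it belongs to the session the client opened to port 110. The addresses, the `StatefulFilter` class and the sample trace are constructed for illustration, and connection teardown is simplified to a single RST.

```python
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    flags: str                      # "SYN", "SYN-ACK", "ACK" or "RST"

CLIENT = "192.168.1.10"             # constructed inside host running the mail client
MAIL, OTHER = "203.0.113.5", "198.51.100.7"   # constructed outside hosts
ALLOWED_OUT = {110}                 # the only outbound service the policy permits

class StatefulFilter:
    """Toy connection tracker; teardown is simplified to a single RST."""
    def __init__(self):
        self.sessions = set()       # (client, client_port, server, server_port)

    def allow(self, p: Packet) -> bool:
        outbound = p.src == CLIENT
        key = (p.src, p.sport, p.dst, p.dport) if outbound else (p.dst, p.dport, p.src, p.sport)
        if key not in self.sessions:
            # Only an inside host may create state, and only with a SYN to an allowed port.
            if not (outbound and p.flags == "SYN" and p.dport in ALLOWED_OUT):
                return False
            self.sessions.add(key)
        elif p.flags == "RST":
            self.sessions.discard(key)   # connection closed: the reply path closes too
        return True

def run(trace):
    fw = StatefulFilter()
    return [fw.allow(p) for p in trace]

TRACE = [   # constructed sample traffic
    Packet(CLIENT, 2510, MAIL, 110, "SYN"),       # client opens POP3 from port 2510
    Packet(MAIL, 110, CLIENT, 2510, "SYN-ACK"),   # reply to 2510 matches the session
    Packet(OTHER, 110, CLIENT, 2510, "SYN-ACK"),  # same port, different host
    Packet(MAIL, 110, CLIENT, 2511, "ACK"),       # right host, port never used
    Packet(MAIL, 4000, CLIENT, 2510, "SYN"),      # server trying to open its own connection
    Packet(CLIENT, 2511, MAIL, 80, "SYN"),        # outbound to a port not in policy
    Packet(CLIENT, 2510, MAIL, 110, "RST"),       # client tears the session down
    Packet(MAIL, 110, CLIENT, 2510, "ACK"),       # late packet after close
]

if __name__ == "__main__":
    for pkt, ok in zip(TRACE, run(TRACE)):
        print("ALLOW" if ok else "DROP ", pkt)
```

Only the first two packets and the client's own RST are allowed; everything else is dropped because no matching session exists.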

Question has a verified solution.