Port Blocking

Hi. My understanding is that a port is basically a number assigned within an IP packet which would allow the packet to be directed to an associated program in the PC (or whatever computer). It would seem to be just a sort of coding scheme or addressing scheme. Recently I have heard, within discussions of net neutrality and regulation of the net, that some telecoms have attempted to block ports. In the particular discussion I heard, it said that a telecom company had attempted to block VoIP ports for Vonage or Skype. Given that a port is just a number, I don't understand how the blocking of a port could take place. I would love to hear how this is done or what it means.
willie108Asked:
Sam Panwar, Sr. Server Administrator, Commented:
(n.) (1) An interface on a computer to which you can connect a device. Personal computers have various types of ports. Internally, there are several ports for connecting disk drives, display screens, and keyboards. Externally, personal computers have ports for connecting modems, printers, mice, and other peripheral devices.

Almost all personal computers come with a serial RS-232C port or RS-422 port for connecting a modem or mouse and a parallel port for connecting a printer. On PCs, the parallel port is a Centronics interface that uses a 25-pin connector. SCSI (Small Computer System Interface) ports support higher transmission speeds than do conventional ports and enable you to attach up to seven devices to the same port.

(2) In TCP/IP and UDP networks, an endpoint to a logical connection. The port number identifies what type of port it is. For example, port 80 is used for HTTP traffic. Also see Well-Known TCP Port Numbers in the Quick Reference section of Webopedia.

(v.) To move a program from one type of computer to another. To port an application, you need to rewrite sections that are machine dependent, and then recompile the program on the new computer. Programs that can be ported easily are said to be portable.


How port blocking works:
Through a firewall.
How firewalls work:

http://computer.howstuffworks.com/firewall3.htm

1.      A firewall blocks ports.
2.      Download ZoneAlarm Pro; you can set specific block settings and try to access it.
Download and read the documentation and test it yourself.
http://www.zonelabs.com/store/content/home.jsp

rdriscoll Commented:
Wow. Okay, I'll try to explain this the best I can.

As a packet enters a router, the header of that packet is examined. Inside the header it has the port information. Let's say it is port 80; that's by default reserved for HTTP/web traffic. When you make your outbound connection you create with TCP a "tunnel" between you and your destination. That tunnel is pretty much a socket on the machine, virtually speaking. The outbound SYN packet you send to the HTTP server destination has the destination port 80 with a random source port above 1024. When the SYN/ACK, or acknowledgement of the session, returns from the destination HTTP server, it sends the packet with a destination port of your source port. Your computer recognizes what application owns that socket and sends the data to the appropriate place.

The routers across the internet can examine the packet's header along with the src and dst ports. Therefore, if there are dangerous ports open that are inherent security flaws, I guess the argument could be made that the ports have the right to be blocked, especially if the traffic doesn't belong on the intarweb in the first place. But when they say "blocked", what they mean is the ports cross an "access-list" which says "if it's HTTP traffic, deny it" and the packet gets dropped or denied, which doesn't allow that port to traverse across the network.

Hope that helps in a non-dictionary kinda way.
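
The access-list check described in the comment above, as an added example that is not code from the thread: it pulls the protocol and port numbers out of a raw IPv4 header (honouring the IHL field, so IP options do not shift the offsets) and applies an ordered rule list the way a router ACL does, first match wins. The packets, the documentation-range addresses and the UDP port 5060 used for the "VoIP" rules are constructed assumptions for the example, not facts from the thread. It also shows the caveat the comment hints at: a rule that only matches the destination port catches the client's SYN but lets the server's SYN/ACK through, so blocking a service in both directions needs a source-port rule as well.

```python
import struct
from dataclasses import dataclass
from typing import Optional

PROTO_TCP = 6
PROTO_UDP = 17


@dataclass
class Rule:
    """One access-list entry; None means 'any' for that field."""
    action: str                    # "permit" or "deny"
    proto: Optional[int] = None
    dst_port: Optional[int] = None
    src_port: Optional[int] = None


def build_packet(proto, src_ip, dst_ip, sport, dport, payload=b""):
    """Build a minimal IPv4 + TCP/UDP packet (checksums left zero).
    Constructed test data only; the addresses are documentation ranges."""
    l4_len = (20 if proto == PROTO_TCP else 8) + len(payload)
    ip_hdr = struct.pack(
        "!BBHHHBBH4s4s",
        0x45,            # version 4, IHL 5 (20-byte header, no options)
        0,               # TOS
        20 + l4_len,     # total length
        0, 0,            # identification, flags/fragment offset
        64,              # TTL
        proto,
        0,               # header checksum (not validated here)
        bytes(int(o) for o in src_ip.split(".")),
        bytes(int(o) for o in dst_ip.split(".")),
    )
    if proto == PROTO_TCP:
        # src port, dst port, seq, ack, data offset, flags (SYN), window, checksum, urgent
        l4_hdr = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    else:
        # UDP (also used as a placeholder header for any non-TCP protocol number)
        l4_hdr = struct.pack("!HHHH", sport, dport, l4_len, 0)
    return ip_hdr + l4_hdr + payload


def parse_ports(pkt):
    """Return (proto, src_port, dst_port) for a TCP/UDP IPv4 packet, else None.
    Ports sit in the first four bytes of the transport header, which starts at IHL*4."""
    if pkt[0] >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (pkt[0] & 0x0F) * 4
    proto = pkt[9]
    if proto not in (PROTO_TCP, PROTO_UDP):
        return None
    src_port, dst_port = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return proto, src_port, dst_port


def acl_decision(rules, pkt, default="permit"):
    """Evaluate an ordered access-list: the first matching rule decides.
    Packets without TCP/UDP ports fall through to the caller's default."""
    parsed = parse_ports(pkt)
    if parsed is None:
        return default
    proto, src_port, dst_port = parsed
    for r in rules:
        if r.proto is not None and r.proto != proto:
            continue
        if r.dst_port is not None and r.dst_port != dst_port:
            continue
        if r.src_port is not None and r.src_port != src_port:
            continue
        return r.action
    return default


# "if it's http traffic deny it": matches only the client -> server direction
DENY_HTTP_OUT = [Rule("deny", PROTO_TCP, dst_port=80)]
# Both directions of an assumed VoIP signalling port (5060 is an assumption for the example)
DENY_VOIP = [Rule("deny", PROTO_UDP, dst_port=5060), Rule("deny", PROTO_UDP, src_port=5060)]

if __name__ == "__main__":
    syn = build_packet(PROTO_TCP, "192.0.2.10", "198.51.100.5", 51515, 80)
    syn_ack = build_packet(PROTO_TCP, "198.51.100.5", "192.0.2.10", 80, 51515)
    print("SYN to :80       ->", acl_decision(DENY_HTTP_OUT, syn))      # deny
    print("SYN/ACK from :80 ->", acl_decision(DENY_HTTP_OUT, syn_ack))  # permit: rule only checks dst
```

The second print shows why a real "block port 80" ACL is written on both the destination and the source port; the same holds for the answer's point that a VoIP provider can simply move to another port, which the `moved` case in a quick test makes obvious.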

willie108 (Author) Commented:
Thanks for a clear "non-dictionary" explanation!
So a telecom company could find out what port Vonage or Skype has chosen to use (that would be simple, I guess) and this port would not change; every Vonage user would be using the same one, and hopefully there would not be a conflict with another software's choice of a port number (just to confirm, the choice is completely arbitrary, right?). Then the telecom could just block that particular IP packet (any packet with that port number). So all of Vonage's traffic would be blocked?
rdriscoll Commented:
Well, feasibly, is it possible? Yeah.

If Vonage uses a specific port, the upstream could block that port, but there are some 65,536 possible ports they could switch to. From a consumer standpoint I wouldn't be worried. From a Vonage/VoIP industry standpoint I would be worried about possibilities for future interference from Ma Bell.

Typically, from my experience, when an ISP blocks a port they are blocking a port to protect the internet. A few years ago an unnamed ISP blocked unnamed requests from Asia to the United States. This probably caused a huge decrease in the damage that a couple of specific worms could have done had they not been caught early/quickly.

I'm not sure of the background hype behind what the talk is on the street, but I really wouldn't be too concerned with blocking of ports destroying home VoIP. But even that said, you could propose that the ISP has the right to block whatever traffic they desire as it travels across the network they physically own. Protocols aren't married to ports. SMTP doesn't _have_ to be port 25; it's just a lot harder to have a cross-platform solution, and that's what a protocol is: a cross-platform solution so different architectures can communicate in a similar way.
rdriscoll Commented:
Also, the ports don't have to be different. Sorry, forgot to mention that. VoIP A and VoIP B can have similar configurations as long as the authentication mechanisms are different. In other words, they can both use port two if they really choose; you would connect to different servers, etc./authentication/babble.

sunilcomputer Commented:
Port: In digital data transfer, normally asynchronous data transfer (data is sent in many parts called packets) is used. In any computer system there may be more than one connection running at the same time. Think...

Now, how to handle the data received for different applications at the same time was really a big problem.
Here comes the role of the PORT. Data packets sent to some system belong to some specific application, which is identified by the port number referred to in the packet.
On the other hand, the operating system handles all the ports and associated applications. It automatically synchronizes the data.

There are a total of 65535 ports available in a modern PC.

For details: www.iana.org/assignments/port-numbers

Well-Known Ports

A number from 0 through 1023 used to identify a network service on an IP network (the Internet). Residing in a field in the TCP or UDP header, the port number directs packets to the appropriate application in the server. The most well-known port is 80, which identifies HTTP traffic for a Web server.

Registered and Private Ports

The Internet Assigned Numbers Authority (IANA) registers ports 1024 to 49151 for the convenience of the Internet community. Port numbers from 49152 to 65535 are private ports, also called "dynamic ports." For the complete list of well-known ports and registered ports, visit www.iana.org/assignments/port-numbers. See port number, port scanning, ICANN and IANA.

COMMON WELL-KNOWN PORTS

Service   Port       Function

HTTP      80         Web
HTTPS     443        Web (secure)
FTP       20, 21     File transfer
FTPS      989, 990   File transfer (secure)
Telnet    23         Remote login
SSH       22         Remote login (secure)
DNS       53         Host naming

SMTP      25         Internet mail
POP3      110        Client access
IMAP      143        Client access

NNTP      119        Usenet newsgroups
NNTPS     563        Usenet newsgroups (secure)
IRC       194        Chat

NTP       123        Network time

SNMP      161, 162   Network management
CMIP      163, 164   Network management

Syslog    514        Event logging
Kerberos  88         Authentication
NetBIOS   137-139    DOS/Windows naming

Now, come to the point: Skype

Network applications like Skype, Kazaa etc. are easily programmable.
According to the Skype team, Skype's working is as below:
1. Outgoing TCP connections should be allowed to remote ports 1024 and higher.
2. Outgoing TCP connections should be allowed to remote ports 80 and 443.
3. Outgoing UDP packets should be allowed to remote ports 1024 and higher. For UDP to be useful to Skype, the NAT must allow for replies to be returned to sent UDP datagrams. (The state of UDP "connections" must be kept for at least 30 seconds, and Skype recommends that these translations be maintained for as long as an hour, if possible.)
4. The NAT translation should provide consistent translation, meaning that outgoing address translation is usually the same for consecutive outgoing UDP packets.

For more details visit :-
Skype Guide for Administrators' :- http://www.skype.com/security/guide-for-network-admins.pdf

At the end I would like to conclude:
Nowadays applications are programmed in such a way that they can scan your system for open ports and use any open port for transfer if they can. This makes it hard to block these kinds of applications, e.g. Yahoo Messenger.

The top free port scanner is nmap:
http://www.insecure.org/nmap/download.html
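
The UDP translation behaviour that items 3 and 4 of the Skype requirements above ask for, as an added example that is neither Skype's code nor code from the thread: a small stateful NAT model driven by a simulated clock. It keeps a UDP binding for a configurable idle timeout (30 seconds here, the minimum the list quotes), refreshes it whenever a datagram in either direction uses it, and hands the same external port to consecutive datagrams from the same internal socket regardless of destination, which is the "consistent translation" a VoIP client needs to receive replies. The addresses, ports and the starting external port 40000 are assumptions for the example.

```python
from dataclasses import dataclass


@dataclass
class Binding:
    ext_port: int      # external port the outside world sees
    last_seen: float   # simulated clock time of the last datagram in either direction


class UdpNat:
    """Endpoint-independent UDP NAT model (assumed behaviour, not any vendor's code).

    A binding maps one internal (ip, port) socket to one external port. It is
    created by the first outbound datagram, reused for later outbound datagrams
    from the same socket, and torn down once idle for longer than `timeout`."""

    def __init__(self, ext_ip, timeout=30.0, first_port=40000):
        self.ext_ip = ext_ip
        self.timeout = timeout
        self.next_port = first_port
        self.table = {}    # (int_ip, int_port) -> Binding
        self.by_ext = {}   # ext_port -> (int_ip, int_port)

    def _expire(self, now):
        """Drop bindings that have been idle longer than the timeout."""
        for key, b in list(self.table.items()):
            if now - b.last_seen > self.timeout:
                del self.by_ext[b.ext_port]
                del self.table[key]

    def outbound(self, now, int_ip, int_port, dst_ip, dst_port):
        """Translate an outbound datagram; returns (ext_ip, ext_port, dst_ip, dst_port).

        The external port depends only on the internal socket, so two
        consecutive datagrams to different destinations get the same mapping."""
        self._expire(now)
        key = (int_ip, int_port)
        b = self.table.get(key)
        if b is None:
            b = Binding(self.next_port, now)
            self.next_port += 1
            self.table[key] = b
            self.by_ext[b.ext_port] = key
        b.last_seen = now   # traffic keeps the binding alive
        return (self.ext_ip, b.ext_port, dst_ip, dst_port)

    def inbound(self, now, src_ip, src_port, ext_port):
        """Deliver an inbound datagram; returns (int_ip, int_port) or None if dropped.

        Any remote host may reply to a live external port (endpoint-independent
        filtering); a datagram for an unknown or expired port is dropped."""
        self._expire(now)
        key = self.by_ext.get(ext_port)
        if key is None:
            return None
        self.table[key].last_seen = now
        return key


if __name__ == "__main__":
    nat = UdpNat("203.0.113.1", timeout=30.0)
    print(nat.outbound(0.0, "10.0.0.2", 12345, "198.51.100.7", 9000))   # ext port 40000
    print(nat.inbound(10.0, "198.51.100.7", 9000, 40000))               # ('10.0.0.2', 12345)
    print(nat.outbound(12.0, "10.0.0.2", 12345, "192.0.2.9", 9100))     # still 40000
    print(nat.inbound(60.0, "198.51.100.7", 9000, 40000))               # None: idle > 30 s
```

Shortening `timeout` below what the client keeps sending keep-alives for is exactly the failure the guide warns about: the outbound leg still works, but every reply is dropped at `inbound`.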
willie108 (Author) Commented:
Another cool answer. I wanted to allocate points for this answer as well, but the question is already closed, I guess :-(
Thanks!
sunilcomputer Commented:
Don't worry, I don't work for points.
Just enjoy, dear :)
willie108 (Author) Commented:
Yeah, thanks for a cool explanation!