Solved

Proxy ports that can be used for external communication (SSL VPN)?

Posted on 2012-03-12
Last Modified: 2012-03-22
Hi,

I wonder which ports can be used aside from 8080 and 80 (above ports 8080 since underneath ports are locked by many Internet-providers).

I ask this question because some of our office users seem to have set up connections like openvpn or ssh not using 8080 (probably tunneling over other ports?) and are still connecting to external devices at home, while we would like to monitor/keep track of all these connections in order to block them if they cannot be justified.

J.
Question by:janhoedt
13 Comments
 
LVL 2

Expert Comment

by:4drahil
ID: 37710840
It really depends on the level of competency of your users; theoretically they could be using any port they please (obviously with exceptions) to tunnel traffic out of the company.

It really becomes a case then of whitelisting what they can use and blocking everything else.

Although a really determined user could still use something like SSTP, and their traffic for all intents and purposes would look like an HTTPS connection.

Alternatively you could lock the machines down using group policy so they can't create VPN connections or SSH sessions or change their proxy settings, etc...

Also I would get all of your users to sign a network/computer usage policy if they haven't already, as you are probably going to get into more trouble monitoring their usage than they are for avoidance of monitoring.
0
 

Author Comment

by:janhoedt
ID: 37711456
Ok, but that was not my question. I would like to know the ports: 8080, what else can be used?
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 37721003
The question has already been answered in the first response. ANY port can be used to pass the traffic over - 80 and 8080 are just two of them. However, MOST use port 443 using the https protocol because it is encrypted and once a connection is made the traffic passing over it cannot be easily identified.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 37721769
> I would like to know the ports: 8080, what else can be used?
even already answered, here as numbers:
  1024 .. 65535
0
 

Author Comment

by:janhoedt
ID: 37746153
No, not at all. Why don't you read my question?

I wonder which ports can be used aside from 8080 and 80 (above ports 8080 since underneath ports are locked by many Internet-providers).

80 and 8080 can be used to route ANY traffic, but I want to know which other ports pass the proxy (besides 443). Ports ABOVE 8080.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 37746377
I'll bail out of this question. There are only a couple of ways to give the same answer to you and I don't appreciate the tone of your wording.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 37746390
> I wonder which ports can be used aside from 8080 and 80 (above ports 8080 ...

  8081 .. 65535

(assuming that 8081 is "above" 8080)

it's as wondered in previous comment: I don't know how to express this answer in other words

> .. ports are locked by many Internet-providers
if you want to know which ports are locked, you need to specify the provider you have in mind,
otherwise this sounds like a "how is the world going round" question
a general answer would be: ports 80 and 443 are usually open and anything else blocked for http/https traffic
0
 

Author Comment

by:janhoedt
ID: 37746526
Sorry, but it's frustrating since my question sounds pretty clear to me but apparently it is not.

I don't need to know which ports are blocked by a provider, I know the ones above 8080 are NOT blocked.
I would like to know which ports are NOT blocked by proxy by default aside from 80, 8080 and 443. It depends on the proxy I assume, but aren't there default ports which are open (besides 80, 8080 and 443), ports ABOVE 8080?
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 37746555
> .. which ports are NOT blocked by proxy by default  ..
hmm, I still don't really understand what you want to achieve
by default all ports are blocked,
by default webservers are open on for example 80
by default anything is open if there is a service listening
by default a firewall in front has its own configuration for accept and block
so as I understand your question, you simply have to ask the owner of the proxy which ports are in use and/or which are not blocked

BTW, where is this "proxy" located you're talking about: outgoing proxy in your LAN or a proxy somewhere in the internet you want to use
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 2000 total points
ID: 37746570
I think the mist is clearing.....

Yes, it depends on the proxy server or service you are using.

For example, ISA and TMG block all ports by default - even 8080, 80 and 443.
You then have the option of choosing to use a web proxy port (their default is 8080) or to simply allow port 80 to be used and rely on the NAT capability to protect the internal services etc. However, the 8080 port can be switched to any port that you like.

Port 443 is not really a proxy port in the true sense - it is used predominantly with the https protocol to provide an encrypted service but in respect to proxy, it is just another port like all the rest.

So there are no ports that are open 'by default' either above or below the known, regular ports. The definition of a proxy port is the port used by proxy clients to talk to the proxy server/service so, in line with that definition, you have to choose it rather than it being a default that is open.
0
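Added example, not part of the original thread or any poster's code: a default-deny review of egress logs that applies the "whitelist what they can use and block everything else" advice and the accepted answer's point that the proxy port is one you choose. The two log formats, the proxy address 10.0.0.10:8080, the internal range and the one-hour threshold are all assumptions made for illustration; tunnel duration is only a heuristic, since traffic inside a 443 tunnel cannot be easily identified.

```python
import ipaddress
from collections import defaultdict

# Assumed policy (hypothetical values): clients may reach only the proxy
# listener; the proxy may open CONNECT tunnels only to port 443.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
PROXY = ("10.0.0.10", 8080)
CONNECT_PORTS = {443}
LONG_TUNNEL_SECS = 3600  # heuristic threshold, tune per site

# Constructed sample records, not taken from a real device.
# Firewall: "FW <src> <dst> <dst_port>"
# Proxy:    "PX <client> CONNECT <host>:<port> <duration_secs>"
SAMPLE_LOG = """\
FW 10.1.2.15 10.0.0.10 8080
FW 10.1.2.15 203.0.113.7 22
FW 10.1.2.44 198.51.100.9 1194
FW 10.1.2.44 198.51.100.9 1194
PX 10.1.2.15 CONNECT mail.example.com:443 40
PX 10.1.2.30 CONNECT home.example.net:8443 900
PX 10.1.2.30 CONNECT home.example.net:443 14400
"""

def review(log_text):
    """Return {client: [finding, ...]} for traffic outside the allowlist."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        f = line.split()
        if not f:
            continue
        finding = None
        if f[0] == "FW":
            src, dst, port = f[1], f[2], int(f[3])
            internal = ipaddress.ip_address(dst) in INTERNAL
            # Anything leaving the LAN that is not the proxy listener bypasses it.
            if (dst, port) != PROXY and not internal:
                finding = f"direct {dst}:{port}"
        elif f[0] == "PX":
            src, target, secs = f[1], f[3], int(f[4])
            port = int(target.rpartition(":")[2])
            if port not in CONNECT_PORTS:
                finding = f"CONNECT to non-allowed port {target}"
            elif secs >= LONG_TUNNEL_SECS:
                finding = f"long-lived tunnel {target} ({secs}s)"
        if finding and finding not in findings[src]:  # collapse repeats
            findings[src].append(finding)
    return dict(findings)

if __name__ == "__main__":
    for client, items in review(SAMPLE_LOG).items():
        print(client, items)
```

The output is a per-client list of connections to justify or block, covering both traffic that skips the proxy and tunnels carried through it.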
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 37752318
Thanks - sorry it took a while to get on to your page :)
0
