Solved

Proxy ports that can be used for external communication (SSL VPN)?

Posted on 2012-03-12
13
754 Views
Last Modified: 2012-03-22
Hi,

I wonder which ports can be used aside from 8080 and 80 (above ports 8080 since underneath ports are locked by many Internet-providers).

This question because some of our office users seem to have setup connections like openvpn or ssh not using 8080 (probably tunneling over other ports?) and still connecting to external devices at home while we would like to monitor/keep track of all these connections in order to block them if they cannot be justified.

J.
0
Comment
Question by:janhoedt
  • 4
  • 3
  • 3
  • +1
13 Comments
 
LVL 2

Expert Comment

by:4drahil
ID: 37710840
It really depends on the level of compitancy of your users, theoretically they could be using any port they please (obviously with exceptions) to tunnel traffic out of the company.

It really becomes a case then of whitelisting what they can use and blocking everything else.

Although a really determined user could still use something like SSTP and their traffic for all intensive purposes would look like a HTTPS connection.

Alternativly you could lock the machines down using group policy so they cant create VPN connections or SSH sessions or change their proxy settings, etc...

Also I would get all of your users to sign a network/computer usage policy if they already havent, as you are probably going to get into more trouble monitoring their usage than they are for avoidance of monitoring.
0
 

Author Comment

by:janhoedt
ID: 37711456
Ok, but that was not my question. I would like to know the ports: 8080, what else can be used?
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 37721003
The question has already been answered in the first response. ANY port can be used to pass the traffic over - 80 and 8080 are just two of them. However, MOST use port 443 using the https protocol because it is encrypted and once a connection is made the traffic passing over it cannot be easily identified.
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 
LVL 51

Expert Comment

by:ahoffmann
ID: 37721769
> I would like to know the ports: 8080, what else can be used?
even already answered, here as numbers:
  1024 .. 65535
0
 

Author Comment

by:janhoedt
ID: 37746153
No, not at all. Why don't you read my question?

I wonder which ports can be used aside from 8080 and 80 (above ports 8080 since underneath ports are locked by many Internet-providers).

80 and 8080 can be used to route ANY traffic, but I want to know which other ports pass the proxy (besides 443). Ports ABOVE 8080.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 37746377
I'll bail out of this question. There is only a couple of ways to give the same answer to you and I don't appreciate the tone of your wording.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 37746390
> I wonder which ports can be used aside from 8080 and 80 (above ports 8080 ...

  8081 .. 65535

(assuming that 8081 is "above" 8080)

it's as wondered in previous comment: I don't know how to express this answer in other words

> .. ports are locked by many Internet-providers
if you want to know which ports are locked, you need to specify the provider you have in mind,
otherwise this sounds like a "how is the world going round" question
a general answer would be: ports 80 and 443 are usually open and anything else blocked for http/https traffic
0
 

Author Comment

by:janhoedt
ID: 37746526
Sorry but it's frustrating  since my questions sounds pretty clear to me but apparently it is not.

I don't need to know which ports are blocked by a provider, I know the ones above 8080 are NOT blocked.
I would like to know which ports are NOT blocked by proxy by default aside from 80, 8080 and 443. It depends on the proxy I assume but aren't there default ports which are open (beside 80,8080 and 443), ports ABOVE 8080?
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 37746555
> .. which ports are NOT blocked by proxy by default  ..
hmm, I stiil don't really understand what you want to archive
by default all ports ar blocked,
by default webservers are open on for example 80
by default anything is open if there is a service listening
by default a firewall in front has its own configuration for accept and block
so as I understand your question, you simply have to ask the owner of the proxy which ports are in use and/or which are not blocked

BTW, where is this "proxy" located you're talking about: outgoing proxy in your LAN or a proxy somewhere in the internet you want to use
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 500 total points
ID: 37746570
I think the mist is clearing.....

Yes, it depends on the proxy server or service you are using.

For example, ISA and TMG block all ports by default - even 8080, 80 and 443..
You then have the option of choosing to use a web proxy port (their default is 8080) or to simply allow port 80 to be used and rely on the NAT capability to protect the internal services etc. However, the 8080 port can be switched to any port that you like.

Port 443 is not really a proxy port in the true sense - it is used predominently with the https protocol to provide an encrypted service but in respect to proxy, it is just another port like all the rest.

So there are no ports that are open 'by default' either above or below the known, regular ports. The definition of a proxy port is the port used by proxy clients to talk to the proxy server/service so, in line with that definition, you have to choose it rather than it being a default that is open.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 37752318
Thanks - sorry it took a while to get on to your page :)
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

815 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now