Proxy ports that can be used for external communication (SSL VPN)?


I wonder which ports can be used aside from 8080 and 80 (above ports 8080 since underneath ports are locked by many Internet-providers).

This question because some of our office users seem to have setup connections like openvpn or ssh not using 8080 (probably tunneling over other ports?) and still connecting to external devices at home while we would like to monitor/keep track of all these connections in order to block them if they cannot be justified.

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

It really depends on the level of compitancy of your users, theoretically they could be using any port they please (obviously with exceptions) to tunnel traffic out of the company.

It really becomes a case then of whitelisting what they can use and blocking everything else.

Although a really determined user could still use something like SSTP and their traffic for all intensive purposes would look like a HTTPS connection.

Alternativly you could lock the machines down using group policy so they cant create VPN connections or SSH sessions or change their proxy settings, etc...

Also I would get all of your users to sign a network/computer usage policy if they already havent, as you are probably going to get into more trouble monitoring their usage than they are for avoidance of monitoring.
janhoedtAuthor Commented:
Ok, but that was not my question. I would like to know the ports: 8080, what else can be used?
Keith AlabasterEnterprise ArchitectCommented:
The question has already been answered in the first response. ANY port can be used to pass the traffic over - 80 and 8080 are just two of them. However, MOST use port 443 using the https protocol because it is encrypted and once a connection is made the traffic passing over it cannot be easily identified.
SolarWinds® VoIP and Network Quality Manager(VNQM)

WAN and VoIP monitoring tools that can help with troubleshooting via an intuitive web interface. Review quality of service data, including jitter, latency, packet loss, and MOS. Troubleshoot call performance and correlate call issues with WAN performance for Cisco and Avaya calls

> I would like to know the ports: 8080, what else can be used?
even already answered, here as numbers:
  1024 .. 65535
janhoedtAuthor Commented:
No, not at all. Why don't you read my question?

I wonder which ports can be used aside from 8080 and 80 (above ports 8080 since underneath ports are locked by many Internet-providers).

80 and 8080 can be used to route ANY traffic, but I want to know which other ports pass the proxy (besides 443). Ports ABOVE 8080.
Keith AlabasterEnterprise ArchitectCommented:
I'll bail out of this question. There is only a couple of ways to give the same answer to you and I don't appreciate the tone of your wording.
> I wonder which ports can be used aside from 8080 and 80 (above ports 8080 ...

  8081 .. 65535

(assuming that 8081 is "above" 8080)

it's as wondered in previous comment: I don't know how to express this answer in other words

> .. ports are locked by many Internet-providers
if you want to know which ports are locked, you need to specify the provider you have in mind,
otherwise this sounds like a "how is the world going round" question
a general answer would be: ports 80 and 443 are usually open and anything else blocked for http/https traffic
janhoedtAuthor Commented:
Sorry but it's frustrating  since my questions sounds pretty clear to me but apparently it is not.

I don't need to know which ports are blocked by a provider, I know the ones above 8080 are NOT blocked.
I would like to know which ports are NOT blocked by proxy by default aside from 80, 8080 and 443. It depends on the proxy I assume but aren't there default ports which are open (beside 80,8080 and 443), ports ABOVE 8080?
> .. which ports are NOT blocked by proxy by default  ..
hmm, I stiil don't really understand what you want to archive
by default all ports ar blocked,
by default webservers are open on for example 80
by default anything is open if there is a service listening
by default a firewall in front has its own configuration for accept and block
so as I understand your question, you simply have to ask the owner of the proxy which ports are in use and/or which are not blocked

BTW, where is this "proxy" located you're talking about: outgoing proxy in your LAN or a proxy somewhere in the internet you want to use
Keith AlabasterEnterprise ArchitectCommented:
I think the mist is clearing.....

Yes, it depends on the proxy server or service you are using.

For example, ISA and TMG block all ports by default - even 8080, 80 and 443..
You then have the option of choosing to use a web proxy port (their default is 8080) or to simply allow port 80 to be used and rely on the NAT capability to protect the internal services etc. However, the 8080 port can be switched to any port that you like.

Port 443 is not really a proxy port in the true sense - it is used predominently with the https protocol to provide an encrypted service but in respect to proxy, it is just another port like all the rest.

So there are no ports that are open 'by default' either above or below the known, regular ports. The definition of a proxy port is the port used by proxy clients to talk to the proxy server/service so, in line with that definition, you have to choose it rather than it being a default that is open.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Keith AlabasterEnterprise ArchitectCommented:
Thanks - sorry it took a while to get on to your page :)
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Network Security

From novice to tech pro — start learning today.