Solved

Proxy ports that can be used for external communication (SSL VPN)?

Posted on 2012-03-12
Last Modified: 2012-03-22
Hi,

I wonder which ports can be used aside from 8080 and 80 (above ports 8080 since underneath ports are locked by many Internet-providers).

I ask this question because some of our office users seem to have set up connections like openvpn or ssh not using 8080 (probably tunneling over other ports?) and are still connecting to external devices at home, while we would like to monitor/keep track of all these connections in order to block them if they cannot be justified.

J.
0
Question by:janhoedt
13 Comments
 
LVL 2

Expert Comment

by:4drahil
ID: 37710840
It really depends on the level of competency of your users; theoretically they could be using any port they please (obviously with exceptions) to tunnel traffic out of the company.

It really becomes a case then of whitelisting what they can use and blocking everything else.

Although a really determined user could still use something like SSTP and their traffic for all intents and purposes would look like an HTTPS connection.

Alternatively you could lock the machines down using group policy so they can't create VPN connections or SSH sessions or change their proxy settings, etc...

Also I would get all of your users to sign a network/computer usage policy if they haven't already, as you are probably going to get into more trouble monitoring their usage than they are for avoidance of monitoring.
0
 

Author Comment

by:janhoedt
ID: 37711456
Ok, but that was not my question. I would like to know the ports: 8080, what else can be used?
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 37721003
The question has already been answered in the first response. ANY port can be used to pass the traffic over - 80 and 8080 are just two of them. However, MOST use port 443 using the https protocol because it is encrypted and once a connection is made the traffic passing over it cannot be easily identified.
0

 
LVL 51

Expert Comment

by:ahoffmann
ID: 37721769
> I would like to know the ports: 8080, what else can be used?
even already answered, here as numbers:
  1024 .. 65535
0
 

Author Comment

by:janhoedt
ID: 37746153
No, not at all. Why don't you read my question?

I wonder which ports can be used aside from 8080 and 80 (above ports 8080 since underneath ports are locked by many Internet-providers).

80 and 8080 can be used to route ANY traffic, but I want to know which other ports pass the proxy (besides 443). Ports ABOVE 8080.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 37746377
I'll bail out of this question. There are only a couple of ways to give the same answer to you and I don't appreciate the tone of your wording.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 37746390
> I wonder which ports can be used aside from 8080 and 80 (above ports 8080 ...

  8081 .. 65535

(assuming that 8081 is "above" 8080)

it's as wondered in previous comment: I don't know how to express this answer in other words

> .. ports are locked by many Internet-providers
if you want to know which ports are locked, you need to specify the provider you have in mind,
otherwise this sounds like a "how is the world going round" question
a general answer would be: ports 80 and 443 are usually open and anything else blocked for http/https traffic
0
 

Author Comment

by:janhoedt
ID: 37746526
Sorry but it's frustrating since my question sounds pretty clear to me but apparently it is not.

I don't need to know which ports are blocked by a provider, I know the ones above 8080 are NOT blocked.
I would like to know which ports are NOT blocked by proxy by default aside from 80, 8080 and 443. It depends on the proxy I assume but aren't there default ports which are open (beside 80,8080 and 443), ports ABOVE 8080?
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 37746555
> .. which ports are NOT blocked by proxy by default  ..
hmm, I still don't really understand what you want to achieve
by default all ports are blocked,
by default webservers are open on for example 80
by default anything is open if there is a service listening
by default a firewall in front has its own configuration for accept and block
so as I understand your question, you simply have to ask the owner of the proxy which ports are in use and/or which are not blocked

BTW, where is this "proxy" located you're talking about: outgoing proxy in your LAN or a proxy somewhere in the internet you want to use
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 500 total points
ID: 37746570
I think the mist is clearing.....

Yes, it depends on the proxy server or service you are using.

For example, ISA and TMG block all ports by default - even 8080, 80 and 443..
You then have the option of choosing to use a web proxy port (their default is 8080) or to simply allow port 80 to be used and rely on the NAT capability to protect the internal services etc. However, the 8080 port can be switched to any port that you like.

Port 443 is not really a proxy port in the true sense - it is used predominantly with the https protocol to provide an encrypted service but in respect to proxy, it is just another port like all the rest.

So there are no ports that are open 'by default' either above or below the known, regular ports. The definition of a proxy port is the port used by proxy clients to talk to the proxy server/service so, in line with that definition, you have to choose it rather than it being a default that is open.
0
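
Added example, not part of the thread: because the proxy's own configuration decides which ports pass, its access log is where tunnels to other ports show up. This sketch assumes Squid's native access.log layout and a policy that allows CONNECT only to port 443; the 30-minute threshold, the function names and the sample lines are constructed for illustration.

```python
from collections import defaultdict

# Assumption: outbound ports the proxy policy permits for CONNECT tunnels.
ALLOWED_CONNECT_PORTS = {443}
# Assumption: a tunnel on an allowed port held open longer than this is worth review.
LONG_TUNNEL_MS = 30 * 60 * 1000

# Constructed sample lines in Squid's native access.log layout:
# time elapsed_ms client action/code bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1331545000.101 312 10.0.0.21 TCP_MISS/200 5120 GET http://example.com/ - DIRECT/93.184.216.34 text/html
1331545010.202 950 10.0.0.22 TCP_TUNNEL/200 48211 CONNECT mail.example.com:443 - DIRECT/198.51.100.7 -
1331545020.303 7200000 10.0.0.23 TCP_TUNNEL/200 9811022 CONNECT home.example.net:443 - DIRECT/203.0.113.9 -
1331545030.404 3600000 10.0.0.24 TCP_TUNNEL/200 733100 CONNECT home.example.org:8443 - DIRECT/203.0.113.10 -
1331545040.505 4 10.0.0.24 TCP_DENIED/403 3900 CONNECT home.example.org:22 - NONE/- text/html
garbage line that does not parse
"""

def parse_connect(line):
    """Return (client, host, port, elapsed_ms, status) for a CONNECT line, else None."""
    f = line.split()
    if len(f) < 7 or f[5] != "CONNECT":
        return None
    host, sep, port = f[6].rpartition(":")
    if not sep or not port.isdigit() or not f[1].isdigit():
        return None
    return f[2], host.strip("[]"), int(port), int(f[1]), f[3]

def audit(log_text):
    """Group findings per client: tunnels to unlisted ports and long-lived tunnels."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_connect(line)
        if rec is None:
            continue
        client, host, port, elapsed, status = rec
        denied = status.startswith("TCP_DENIED")
        if port not in ALLOWED_CONNECT_PORTS:
            kind = "blocked-attempt" if denied else "unlisted-port"
            findings[client].append((kind, host, port))
        elif not denied and elapsed >= LONG_TUNNEL_MS:
            findings[client].append(("long-tunnel", host, port))
    return dict(findings)

if __name__ == "__main__":
    for client, items in sorted(audit(SAMPLE_LOG).items()):
        for kind, host, port in items:
            print(f"{client} {kind} {host}:{port}")
```

An "unlisted-port" finding means the proxy allowed a tunnel the policy did not intend, so the proxy rule needs tightening; a "long-tunnel" finding on 443 is only a prompt for review, since the log cannot show what the encrypted session carried.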
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 37752318
Thanks - sorry it took a while to get on to your page :)
0

Question has a verified solution.
