Re: port numbers need

From: Gary K (dabigfinndog@icqmail.com)
Date: 12/23/02


From: "Gary K" <dabigfinndog@icqmail.com>
Date: Mon, 23 Dec 2002 13:25:25 -0800


Karl,

Just for my own info. Wouldn't WU return connection be one of the ports
above 1025, and be random each time as it is accessed via http?

That seems to be my conclusion after looking at the output from my packet
sniffer. The source port varies not only each time I connect to WU, but
even during the same session it will vary depending on what each session
seems to be doing. The connection is actually made to a couple of different
servers. In this case the only way to get a return behind a firewall even
is one that does stateful packet inspection--a firewall that keeps track of
tcp connections.
"Karl Levinson [x y] mvp" <levinson_k@excite.com> wrote in message
news:u#R47frqCHA.1964@TK2MSFTNGP09...
>
> "josh" <joshk@directairnet.com> wrote in message
> news:001f01c2aab4$97222df0$d7f82ecf@TK2MSFTNGXA14...
> > I've started ip packect filtering on my windows 2000
> > server.but now I can't scan for windows updates on any of
> > my systems behind the filters. what I need to know is what
> > ports windows updates use? the message I get is no updates
> > are available for you computer.please help me if you can
> > thank you for your time
>
> Try disabling packet filtering and using a sniffer, or really you should
> use a real firewall that includes logging so that you can check the logs.
> Unless you're somewhat expert at IP, you'll run into this problem again as
> long as you have no logs.
>
> http://securityadmin.info/faq.htm#firewall
> http://securityadmin.info/faq.htm#sniffer
>
>
>



Relevant Pages

  • Re: tool to discover some non-firewalled TCP ports?
    ... > application must listen on ports accessible to the internet. ... (including those that do outgoing filtering any proxy filtering). ... distributed DNS and hold the TCP connection open so it ... would have to be listening all the time on each of the ports you want to ...
    (comp.os.linux.networking)
  • Re: Correction
    ... > I have an ADSL connection which polls my computer from time to time, ... > disables the questioned ports unless the user intervenes and allows the ... disallow each and every port with Windows Firewall? ... This policy setting also allows ...
    (microsoft.public.windowsxp.messenger)
  • D-link dsl 504 and Iptables problems
    ... I have a Bto Adsl connection plugged into a D-link DSL 504 router. ... I have then set up port forwarding on the d-link to forward ports ... $MPB ip_conntrack ... #ICMP Dead Error Messages protection ...
    (comp.os.linux.security)
  • d-link DSL-504 and IPtables trouble
    ... I have a Bto Adsl connection plugged into a D-link DSL 504 router. ... I have then set up port forwarding on the d-link to forward ports ... $MPB ip_conntrack ... #ICMP Dead Error Messages protection ...
    (comp.security.firewalls)
  • Re: Whats a decent modem/router for tech savy user?
    ... It is not possible to route or deny traffic to specific ports based on the source IP address. ... But it wont route back inside the LAN - needs internal DNS server spoofing. ... Normally, this option should be Enabled, so that an Internet connection will be made automatically, whenever Internet-bound traffic is detected. ... Specifying a Default DMZ Server allows you to set up a computer or server that is available to anyone on the Internet for services that you haven't defined. ...
    (uk.telecom.broadband)