Re: TCP Port selection

From: Karl Levinson [x y] mvp (levinson_k_at_despammed.com)
Date: 01/31/04


Date: Fri, 30 Jan 2004 21:28:22 -0500

For your ease of configuration, I would probably first recommend asking a
person or newsgroup that is expert in your router as to whether you have
correctly configured your router ACLs. For example, can you configure them
to block SYN packets with a destination port in that range? Or configure
your ACLs to only block traffic involving those ports where the source and
destination are both on your local network, and then let your firewall block
worm activity out to the Internet? Or allow traffic where one port is in
that range and the port on the other end is TCP 80 or other probably
acceptable values? Those might be ways you might block most if not all
MyDoom connections while allowing most if not all web browsing.

If you prefer, this article should let you do what you wish, reserve
"ephemeral" source ports in Windows 2000. Other such articles can be found
in Google:

http://www.jsiinc.com/SUBO/tip7000/rh7082.htm
http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&q=windows+registry+ephemeral+port

Might I also recommend a good enterprise antivirus solution that distributes
updates automatically.

"D Comeau" <wysiwyg08620@yahoo.com> wrote in message
news:6b1b01c3e69e$5f15c7b0$a001280a@phx.gbl...
> Can I configure W2k to utilize a specific range of ports
> (or even restrict the use of a range of ports)? We have
> configured ACLs on our routers that restrict connections
> to dest ports 3127 to 3198 in an attempt to reduce the
> effects of the MyDoom worm. However, Windows randomly
> uses ports to connect to systems. As an example, I open
> my web browser to www.microsoft.com and I use TCP port
> 3127 as my source port, the packet goes out to
> www.microsoft.com port 80, but the return packet does not
> get through.
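To make the difference between the ACL variants concrete, here is an added example (not from Karl Levinson, D Comeau or the thread) that models a stateless router filter in Python. It compares the naive rule the original poster describes (block anything to destination ports 3127-3198, the range quoted in the thread) with the two refinements suggested above: block only connection openers (SYN without ACK) to that range, or exempt traffic where either end is TCP 80. The `Packet` type, the three sample packets and the ephemeral source port 3127 are constructed for the illustration.

```python
from dataclasses import dataclass

# Destination port range the thread's router ACLs block (3127-3198 inclusive).
WORM_PORTS = range(3127, 3199)
HTTP_PORT = 80


@dataclass(frozen=True)
class Packet:
    """Minimal TCP header view: ports plus the SYN/ACK flag bits."""
    src_port: int
    dst_port: int
    syn: bool
    ack: bool


def naive_acl(p: Packet) -> bool:
    """Original rule: drop every packet whose destination port is in the range.
    This is what breaks web browsing when Windows picks 3127 as a source port:
    the reply from port 80 back to 3127 is dropped."""
    return p.dst_port not in WORM_PORTS


def syn_only_acl(p: Packet) -> bool:
    """Refinement 1: drop only connection openers (SYN set, ACK clear) aimed at
    the range. Replies to a connection the client opened carry ACK, so they pass."""
    if p.syn and not p.ack and p.dst_port in WORM_PORTS:
        return False
    return True


def web_exempt_acl(p: Packet) -> bool:
    """Refinement 2: allow any packet where one end is TCP 80, otherwise apply
    the destination-port block."""
    if HTTP_PORT in (p.src_port, p.dst_port):
        return True
    return p.dst_port not in WORM_PORTS


# Constructed sample traffic: a browser opening www.microsoft.com from ephemeral
# port 3127, the server's SYN/ACK reply, and an inbound connection attempt to a
# port in the blocked range (the kind of traffic the ACL is meant to stop).
TRAFFIC = {
    "web_request": Packet(src_port=3127, dst_port=80, syn=True, ack=False),
    "web_reply": Packet(src_port=80, dst_port=3127, syn=True, ack=True),
    "inbound_to_range": Packet(src_port=1234, dst_port=3128, syn=True, ack=False),
}


def evaluate(acl, traffic=TRAFFIC) -> dict:
    """Return {packet name: True if permitted, False if dropped} for one ACL."""
    return {name: acl(pkt) for name, pkt in traffic.items()}


if __name__ == "__main__":
    for acl in (naive_acl, syn_only_acl, web_exempt_acl):
        print(f"{acl.__name__:16}", evaluate(acl))
```

Running it shows that only the naive rule drops `web_reply` while all three drop `inbound_to_range`. Two caveats a practitioner would check before deploying either refinement: a stateless SYN-only match trusts the ACK bit, so any packet with ACK set reaches the range whether or not a connection exists (a stateful firewall tracks the handshake instead), and the port-80 exemption passes anything that uses 80 on one end, so it narrows the block more than the SYN-only variant does.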
