Ports needed for the Internet

#1
confused2 Offline
In the light of UK regulations I'm setting up firewalls.

My ADSL router is quite basic (no wizards) but gives the important allow/deny facility.
Choosing 'deny all' except what I allow, I have allowed incoming ports 53 (DNS), 80 (HTTP) and 443 (HTTPS) and initially allowed all out - no problem - everything works perfectly. Naturally (?) I want to know what goes out, so I started to restrict the range of allowed outgoing ports - generally the fewer ports open, the slower the response from websites. I find that with 1..52000 allowed most but not all websites will work. It is possible my ADSL box is compromised - also my operating system ('Raspbian' on a Raspberry Pi) but my trusted Ubuntu 14.04 does the same thing. I can't isolate which ports are involved because it seems sometimes a site is slow but gets there and sometimes it doesn't.

I'd expected three ports out and three in to be sufficient - clearly my setup isn't working like that - am I infected with something horrible or is this normal?
Reply
#2
stryder Offline
Take a peek at the last comment in this thread:
https://askubuntu.com/questions/915913/w...erbird-use

That should give you an idea of how to pull the ports (and end destination IPs) from any applications you are running. It's difficult to say what ports you do or don't need.
You could consider that anti-virus programs will likely use ports to update their program, or (as with some web browsers now) some tests to see if a URL is malicious can require having the URL sent to their server to check it (again requiring specific ports).

It's actually easier tightening outgoing than incoming ports, since while a web browser will use 80 (outgoing) to initialise a connection, it can return with other randomly assigned port numbers to help spread the website's asynchronous load so the page loads faster (a port per image, page etc.). If you truly want to lock a browser down to access through one port, then you'll likely have to run it through a proxy (where it redirects the randomly assigned ports to the one you allow).

It should be noted that, as standard, *nix systems will not respond to any port calls if the ports aren't assigned to a server (a program) listening on them, so by default you don't have to tell it to deny ports that have nothing on them. However, I can understand that if you are worrying about compromised programs it makes sense to lock it down "just in case".

As for "infections", there are a couple of things to look for, such as lots of data connections going to shady IP addresses and high processor usage for programs that you don't usually use or have never heard of before.
Reply
#3
RainbowUnicorn Offline
You can probably also find a list of web sites to avoid.
Some websites actively seek to return pings through different ports to snoop on you.
It became quite common some years back.
Someone probably has a list of those, and it will likely include all the big commercial web sites like eBay, Amazon etc.
Phone-home trojans are the biggest issue in standard over-the-counter games and software products, also loaded from many shopping web sites.

You may find you need to actively deny access while browsing (some) sites which you may wish to view but have snoopy crap in them.
It's EXTREMELY common.

Router jacking would be for scamming, most likely.
Can you delete and then load your own operating system for the router?
That would probably sort the bulk of that out.
Reply
#4
confused2 Offline
Many thanks for the excellent answers.

From the link given by Stryder

https://askubuntu.com/questions/915913/w...erbird-use

while true; do clear; netstat -anp | grep firefox | grep : | awk '{print $5}'; sleep 1; done

I see the BBC need to tell just about everyone what you are looking at. When I look now they all seem to be on port 80 or 443 - this morning I'm sure I saw many more ports being used. ???

Unfortunately I can't update my Raspbian software as there's no MySQL ODBC in the new version. I'm thinking of something clever along the lines of a sacrificial Raspberry (a computer) connected to the office net via ssh or vnc. Time passes.
Reply
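An added example (not code from this thread or from the linked askubuntu answer) that does in Python what the netstat one-liner above does by hand, and illustrates stryder's point about "randomly assigned port numbers": it parses `netstat -anp` style output, separates the local (ephemeral, many) ports from the remote (service, few) ports, lists what is actually listening, and flags established connections whose destination port is outside an egress allowlist. The sample netstat text, the ephemeral range (Linux's default `net.ipv4.ip_local_port_range`) and the allowlist of 53/80/443 are constructed assumptions for the example; in practice you would feed it the real output of `netstat -anp` (or `ss -tunap`).

```python
"""Summarise outbound connections from netstat -anp output.

Added example, not the thread's own code. SAMPLE_NETSTAT is a constructed
sample of Linux netstat output (Proto Recv-Q Send-Q Local Address
Foreign Address State PID/Program name). EPHEMERAL_RANGE and
ALLOWED_DST_PORTS are assumptions chosen for the example.
"""
from collections import Counter

SAMPLE_NETSTAT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      612/sshd
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      845/mysqld
tcp        0      0 192.168.1.20:41522      93.184.216.34:443       ESTABLISHED 2310/firefox
tcp        0      0 192.168.1.20:41530      93.184.216.34:443       ESTABLISHED 2310/firefox
tcp        0      0 192.168.1.20:47102      151.101.0.81:80         ESTABLISHED 2310/firefox
tcp        0      0 192.168.1.20:53984      203.0.113.7:8443        ESTABLISHED 2310/firefox
udp        0      0 192.168.1.20:38000      192.168.1.1:53          ESTABLISHED 2310/firefox
udp        0      0 0.0.0.0:68              0.0.0.0:*                           901/dhclient
"""

EPHEMERAL_RANGE = (32768, 60999)   # Linux default net.ipv4.ip_local_port_range (assumed)
ALLOWED_DST_PORTS = {53, 80, 443}  # assumed egress policy: DNS, HTTP, HTTPS only


def split_addr(addr):
    """Split 'host:port' into (host, port); a wildcard port '*' becomes None."""
    host, _, port = addr.rpartition(":")
    return host, (None if port == "*" else int(port))


def parse_netstat(text):
    """Return one dict per socket line, skipping the banner and header lines."""
    conns = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or f[0] not in ("tcp", "tcp6", "udp", "udp6"):
            continue
        local_host, local_port = split_addr(f[3])
        remote_host, remote_port = split_addr(f[4])
        # unconnected UDP sockets have no State column, so the line has only 6 fields
        state = f[5] if len(f) >= 7 else ""
        program = f[-1].split("/", 1)[1] if "/" in f[-1] else "-"
        conns.append({"proto": f[0], "local_host": local_host, "local_port": local_port,
                      "remote_host": remote_host, "remote_port": remote_port,
                      "state": state, "program": program})
    return conns


def listening(conns):
    """(program, port) pairs that accept incoming connections: what 'incoming' rules actually protect."""
    return {(c["program"], c["local_port"]) for c in conns if c["state"] == "LISTEN"}


def summarise_outbound(conns):
    """Count remote (destination) ports per program, and classify local ports as ephemeral or fixed.

    Outbound web traffic uses a new local ephemeral port per connection, but the
    destination port stays 80/443, which is why restricting *outgoing destination*
    ports is the meaningful control, not the local port range.
    """
    remote, local = Counter(), Counter()
    lo, hi = EPHEMERAL_RANGE
    for c in conns:
        if c["state"] == "LISTEN" or c["remote_port"] is None:
            continue
        remote[(c["program"], c["remote_port"])] += 1
        local["ephemeral" if lo <= c["local_port"] <= hi else "fixed"] += 1
    return remote, local


def unexpected_destinations(conns, allowed=ALLOWED_DST_PORTS):
    """Established connections whose destination port is outside the egress allowlist."""
    return sorted({(c["program"], c["remote_host"], c["remote_port"]) for c in conns
                   if c["state"] != "LISTEN" and c["remote_port"] is not None
                   and c["remote_port"] not in allowed})


if __name__ == "__main__":
    conns = parse_netstat(SAMPLE_NETSTAT)
    print("listening:", sorted(listening(conns)))
    remote, local = summarise_outbound(conns)
    print("destination ports:", dict(remote))
    print("local port classes:", dict(local))
    print("outside allowlist:", unexpected_destinations(conns))
```

Run against the sample, the four Firefox connections land on five different local ports but only three destination ports (53, 80, 443) plus one 8443 connection, which is the only line the allowlist check reports. That is the split to look at: a firewall that permits outgoing 53/80/443 and allows established replies back will carry ordinary browsing; if it also blocks inbound traffic to local ephemeral ports, those replies are dropped and pages stall in exactly the intermittent way described in the first post.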
#5
confused2 Offline
gufw is a really natty firewall configger (sorry, Linux only).
Reply