Many ports open (firewall report this)
 

News:

29 December 2022 - PtokaX 0.5.3.0 (20th anniversary edition) released...
11 April 2017 - PtokaX 0.5.2.2 released...
8 April 2015 Anti child and anti pedo pr0n scripts are not allowed anymore on this board!
28 September 2015 - PtokaX 0.5.2.1 for Windows 10 IoT released...
3 September 2015 - PtokaX 0.5.2.1 released...
16 August 2015 - PtokaX 0.5.2.0 released...
1 August 2015 - Crowdfunding for ADC protocol support in PtokaX ended. Clearly nobody want ADC support...
30 June 2015 - PtokaX 0.5.1.0 released...
30 April 2015 Crowdfunding for ADC protocol support in PtokaX
26 April 2015 New support hub!
20 February 2015 - PtokaX 0.5.0.3 released...
13 April 2014 - PtokaX 0.5.0.2 released...
23 March 2014 - PtokaX testing version 0.5.0.1 build 454 is available.
04 March 2014 - PtokaX.org sites were temporary down because of DDOS attacks and issues with hosting service provider.

Main Menu

Many ports open (firewall report this)

Started by acrespo, 28 February, 2004, 08:11:09

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

acrespo

My firewall (Tiny Personal Firewall) have a activity window. This windows show all ports opened actually.
I have two hubs (1 Ptokax and 1 YHub). YHub is Ok, because when a client disconnect the port is free and the firewall block this port again. But Ptokax didn't free the ports after client disconnects then firewall think that port is in use and don't block.
Anybody have a solution for this issue?

lynyrd

hi
change your firewall to sygate or someone else that is moore compatible with dc overall..i tried tiny and i found it was a disaster..i use norton and does'nt have that problem

acrespo

I changed to tiny because norton have the same problem. I don't think it's a problem with firewall, because I already test with Yhub and Xhub and the problem is not occuring with that hubs.

plop

all clients connect 2 port 411, those extra ports you see opend by ptokax are from something else (refresh my mind if you know which part this was).
nomather which firewall you use they are always opened and never closed, as it's a ptokax issue and not a firewall.
beside that it's outbound trafic so it doesn't cause any danger, beside wasting memory.
there are 3 way's 2 solve it.
1) step back 2 ptokax icecube.
2) wait for the public beta of 0.3.3.0.
3) just ignore it.

plop
http://www.plop.nl lua scripts/howto\'s.
http://www.thegoldenangel.net
http://www.vikingshub.com
http://www.lua.org

>>----> he who fights hatred with hatred, drives the spreading of hatred <----<<

robertone

OK, running 15-25 myself, no problems! Started a fight with firewalls. Why? Not al firewalls blok IP's and/or Port 0. And exactly on Port 0 riaa and other's are spying on or attacking hubs.

drive4 as well 15-25 are doing what they should do. Listening to local port 411 and accepting inbound trafic from various remote ports on local port 411 (or the one specified at the hub address). I also found out that both PtokaX's listining, however, without any activity, to local port 413.

Does someone has any idea why PtokaX is listining to port 413??? I don't and blokked it.

robertone
We have nowadays more welt and luxury then any of our ancestors could imagen, but are we grateful for that???
Can a species that even don\'t care for the planet that gave them birth... be grateful at all?

Corayzon

this sounds like it could be the open port for public hublists to ping the servers for info...otherwise this could be a reason hubhacks are operating, how knows what someone will add to there code so they can get in laters

robertone

#6
Public hublist are served from the default (411) or specified local port to the remote port 2501. I don't get error messages because I locked port 413. PtokaX is only listening at that port!

Hublist.org probes on the default or specified local port.

robertone
We have nowadays more welt and luxury then any of our ancestors could imagen, but are we grateful for that???
Can a species that even don\'t care for the planet that gave them birth... be grateful at all?

[PT]CableGuy

Hi there:

If you all don't mind i'll post "my info" about DC "open ports"....

In my case i use a router , because i have a 3 PCs LAN at my home.
In my router i only open/forward the following ports:

-411    -PC1 -PtokaX TD4 Hub
-1412 -PC2 -DC++ client
-2501 -PC3 -Hublist Server



The only PC that doesn't close sockets , is the one that runs PtokaX TD4.
Sometimes i get hundreds of lines like this ones:  (netstat -a)
TCP    PC1:3504               PC1:0                  LISTENING
TCP    PC1:3181               PC1:0                  LISTENING
TCP    PC1:3347               PC1:0                  LISTENING
TCP    PC1:3349               PC1:0                  LISTENING
I realise (after some searchs) that if programs open sockets they must close them also.

I've tryed this VBS , but without any success:
Private Sub Winsock_close
  Winsock.Close
  Winsock.LocalPort = 3009
End Sub
The problem about closing this sockets is because the application is still running.
I don't now how to force a winsocket.close....so , i'm stuck and wainting for 0.330.
From my experience , the uptime record for TD4 was 400 hours and [15.25] was 800 hours.
There are reallt excellent improvements with this socket issue in next versions.
THANKS ptaczek and all programmers , testers and scripters.  
YOU ALL ROCK MY WORLD !!!!  :D

plop

port 413 (udp) can be used to let ptokax (scripts) search in active mode.

plop
http://www.plop.nl lua scripts/howto\'s.
http://www.thegoldenangel.net
http://www.vikingshub.com
http://www.lua.org

>>----> he who fights hatred with hatred, drives the spreading of hatred <----<<

robertone

#9
Ptokax is listining at local port 413, the only script presently used is robocop 6.0d.

In the router log I found a few rare occations that some packets were send to a remote port 413 from local port 8888 and 8450. This is not stating that PtokaX sended those packets. On the other hand, there are no hubs specified in the DC client favorite hub list that uses port 413.

To [PT]CableGuy
If I'm not wrong the DCPlusPlus client is listining by default at local port 1212-1213. However, this is changed when a port is specified in settings. More over, the client chooses, according the DC protocol, randomly a local port between 1024-65535 for communication. Not all clients follow this protocol. I noticed communication on lower ports -- the lowest detected by me was port 7. In settings of my present client I specified port 1214, but even so it's also listining at the local port 4673. I'm behind a router/firewall and a second firewall/filter. Therefor it's important to me to know which ports the progs are using.

Further more I noticed that all clients using both UDP and TCP. This despite the DC protocol, that's specifying UDP. Actually it's very curious to see that worldwide all clients change from UDP to TCP and back at allmost the same time. There has to be a trigger!

robertone
We have nowadays more welt and luxury then any of our ancestors could imagen, but are we grateful for that???
Can a species that even don\'t care for the planet that gave them birth... be grateful at all?

[PT]CableGuy

#10
QuoteOriginally posted by robertone
...There has to be a trigger!...
LOL , that trigger is DC++ clones... :D

Very well said robertone.  
In fact there are many opened (not closed) ports by the applications and even the O.S.  
What you should care is "the one's" with established connections .

For example:

Here you can see , established and listening "states"...wich means:
"The only active and opened ports are the established one's"

All the "other states" are not really "active". :))
As you can see from the image ,for this "states" ptokax listens on port 3380 ,
then connects to "random" ports and finally connects to eci:0 , wich is my pc name->eci.
So not really any communication with any computer....just youself :]


btw : The program used in the picture is TCPView from SySinternals.com

acrespo

@CableGuy: My problem is exact the same. My firewall reports many local ports opened by Ptokax and I think that a bad hacker can invade my system because any firewall accept connections in local open ports.

robertone

Your PtokaX version is listining to more ports then mine. For every logged-in user there is one TCP connection at the local port 411 (inbound). And PX is listining, for onknown reason,  permanently to local port 413 (UDP). No more.

In your example I notice three open UDP listining ports; 413, 1981 & 3030. And 19 not closed ports (connected to itself), which I didn't noticed it at my hub :]

All connections vissible, besides port 413, in my connection window are living. I locked UDP port 413 in the router/firewall. PX doesn't notice it is locked and doesn't seem to care that no data is received at UDP port 413.

DC clients is an other story, they make a real mesh. A firewall programmar's nightmare, I would say! Just opening all possible ports, UDP & TCP, randomly. Only the inbound port can be controled.

robertone
We have nowadays more welt and luxury then any of our ancestors could imagen, but are we grateful for that???
Can a species that even don\'t care for the planet that gave them birth... be grateful at all?

[PT]CableGuy

QuoteOriginally posted by robertone
...Your PtokaX version is listining to more ports then mine....
Well , i'm running Ptokax 0.326 TD4.
These "listening ports" grows day-by-day... :(

QuoteOriginally posted by acrespo
...I think that a bad hacker can invade my system because any firewall accept connections in local open ports...
Well , actually the biggest hole in security , is called Microsoft. X(
In fact if you use TCPView , you can see there are many "listening and time_wait" ports.
For example svchost , system , inetinfo....does this and doesn't close the ports.

Let's get the example from Blaster or Sasser Virus...
Blaster uses a vulnerability in the windows RPC , and Sasser uses the LSASS vulnerability.  
But if you use a firewall , these virus are not triggered and no connection to the internet is done.  
Though there are "listening ports" (used by the virus)...
the remote port is allways the PC:0 because communications are blocked by the firewall.

Don't worry ppl , this is "normal" and doesn't affect you're PC if you use a firewall/router.

acrespo

I am running Ptokax 0.326 TD4, and the problem is the same. After one week I need to shutdown Ptokax because there aren't more ports available to open. Ptokax got all!!!

[PT]CableGuy

QuoteOriginally posted by acrespo
...After one week I need to shutdown Ptokax...
Humm..
I have also used TD4 and it stayed 11 days online...before "eating" all ports. :D
NOW  , with PtokaX 0.330 [15.25] , the hub stays online 30 days !!!
There are significant changes in this version , wich makes me very , very happy !!! :D

acrespo

I am not happy :(
Ptokax 0.330 is in development over 1 year :(


[PT]CableGuy

#18
QuoteOriginally posted by acrespo
...Ptokax 0.330 is in development over 1 year...
I prefer to wait for a good application  rather than nice application  !!!
In fact if it was an excelent application i would be the happyest man alive   !!! :D
What i'm saying is that i don't mind to wait since there is...
...undeniable evidences of excellent work beeing developed by every "teams".  :))
I mean many ppl are involved in "this"...betaTesters , scripters , programmers and users !!!  
Let it be the perfect tool for "us" to use with no "worries". :]
Let it be "the gift" that ptaczek  delivers to the world !!!!  8)
Let's.....wait ;)

Corayzon

agreed [PT]CableGuy

robertone

I notice a general approval that the leaked beta version PtokaX v0.330 build 15-25 :]  is actually better then the public release v0.326 TestDrive 4!!!

Anyhow, like [PT]CableGuy is mentioning, a firewall/router protects against some Microsoft Windows vulnerabilities. But not all, svchost for example can send data and open a port in the firewall/router by that. I block and monitor found listining ports dedicated with my firewall/router. Actually it's my humble opinion that everyone who's connected to internet more then two hours a day, should protect himself (my apologizes to all feminists, but the English language still addresses the public masculin) with a firewall/router, even when he own's only one pc.

But more, I really start to like the possibilities of OutPost firewall. You really can make dedicated rules in which occasion a prog is allowed to open a port or listining to it. I'm shure that there are more firewalls with the same possibilities, but I don't know them. Except the debian, but that's running on an other OS platform.

robertone
We have nowadays more welt and luxury then any of our ancestors could imagen, but are we grateful for that???
Can a species that even don\'t care for the planet that gave them birth... be grateful at all?

robertone

Found this on the other forum from the hand of plop

Quotecurrent ptokax versions have only 1 port 2 connect 2 (the 2nd port can be used 2 search in active mode - 413).
but there is good news, on the latest 0.3.3.0 beta there is the option 2 use @ least 2 ports for users 2 connect 2.

Only one question left, which beta build??

robertone
We have nowadays more welt and luxury then any of our ancestors could imagen, but are we grateful for that???
Can a species that even don\'t care for the planet that gave them birth... be grateful at all?

[PT]CableGuy

QuoteOriginally posted by robertone
...svchost for example can send data and open a port in the firewall/router by that...
?(  ?(  ?(  ???
The applications only open ports in a firewall/router if UPnP is enabled !!!! (most doesn't have UPnP)
No application should open automatically ports on the router or firewall.   X(

About the "2 ports thingy"...I have 0.330 [15.25] , but i never tested it....so when i get home i'll try it.
I'll post some info later on. ;)

plop

QuoteOriginally posted by robertone
Found this on the other forum from the hand of plop

Quotecurrent ptokax versions have only 1 port 2 connect 2 (the 2nd port can be used 2 search in active mode - 413).
but there is good news, on the latest 0.3.3.0 beta there is the option 2 use @ least 2 ports for users 2 connect 2.

Only one question left, which beta build??

robertone
it's in 1 of the latest versions which is not released 2 the beta team, prob 15.30+.
pta spoke about it the boards but didn't mention the version number, just that he added it the day before.

plop
http://www.plop.nl lua scripts/howto\'s.
http://www.thegoldenangel.net
http://www.vikingshub.com
http://www.lua.org

>>----> he who fights hatred with hatred, drives the spreading of hatred <----<<

SMF spam blocked by CleanTalk