Discussion:
What are "high UDP" ports ?
LB
2004-11-17 11:42:26 UTC
Hi,

My firewall is McAfee Desktop Firewall.

It has a rule named "Allow all high UDP" (local and remote from 1024 to
65535). Please, what is this rule? Is it safe to leave such a large range of
UDP ports open? I noticed that if I block all high UDP ports (or delete this
rule), the network/internet still works fine... so I do not understand
what it is for...

For better security settings, should I allow all "high UDP" or block them?

Thank you for help & comments...

Mordicus
unknown
2004-11-17 16:41:20 UTC
It is best to not allow them until you know for sure that you have to for
some particular product.
--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
Post by LB
Hi,
My firewall is McAfee Desktop Firewall.
It has a rule named "Allow all high UDP" (local and remote from 1024 to
65535). Please, what is this rule? Is it safe to leave such a large range of
UDP ports open? I noticed that if I block all high UDP ports (or delete this
rule), the network/internet still works fine... so I do not understand
what it is for...
For better security settings, should I allow all "high UDP" or block them?
Thank you for help & comments...
Mordicus
Bill Evans
2004-12-01 08:01:53 UTC
Post by unknown
It is best to not allow them until you know for sure that you have to for
some particular product.
--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
Post by LB
Hi,
My firewall is McAfee Desktop Firewall.
It has a rule named "Allow all high UDP" (local and remote from 1024 to
65535). Please, what is this rule? Is it safe to leave such a large range of
UDP ports open? I noticed that if I block all high UDP ports (or delete this
rule), the network/internet still works fine... so I do not understand
what it is for...
Some of those ports are used by P2P apps like Grokster, Blubster, etc. Keep
them blocked, and if six months from now you install Blubster you need to
remember why it won't work until you free some ports in that high UDP area.
--
bill evans
***@SPAMcharter.net
Hartselle, AL

Freeman Dyson: "It's best not to limit our thinking. We can always
air-condition the Earth."
LB
2004-12-04 20:16:31 UTC
Thank you
Post by Bill Evans
Some of those ports are used by P2P apps like Grokster, Blubster, etc.
Keep them blocked, and if six months from now you install Blubster you
need to remember why it won't work until you free some ports in that high
UDP area.
--
Post by Bill Evans
bill evans
Hartselle, AL
Steven L Umbach
2004-11-17 18:40:50 UTC
Those are the unprivileged ports that are mostly used by the client and
picked randomly for the return connection from a server connection. If you
run netstat you can see how your computer uses those ports. Firewalls by
default block those ports and I am not sure why you even have the option to
enable them. A stateful firewall will open those ports dynamically in
response to traffic your computer initiates and close them when the
connection is terminated. Many Trojans will try to use those ports. If you
are having a problem with a particular application it would be best to find
out exactly what its requirements are and view the firewall logs to see
what packets are being blocked which can help in final configuration but
that would be the rare exception rather than the rule. --- Steve
Post by LB
Hi,
My firewall is McAfee Desktop Firewall.
It has a rule named "Allow all high UDP" (local and remote from 1024 to
65535). Please, what is this rule? Is it safe to leave such a large range of
UDP ports open? I noticed that if I block all high UDP ports (or delete
this rule), the network/internet still works fine... so I do not
understand what it is for...
For better security settings, should I allow all "high UDP" or block them?
Thank you for help & comments...
Mordicus
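
As an added illustration of the point in the reply above (not code from the thread or from McAfee), this Python sketch contrasts a static "allow all high UDP" rule with a stateful filter that admits only replies to flows the local machine started. The addresses, port numbers and the 30-second idle timeout are constructed assumptions.

```python
from typing import NamedTuple

HIGH = range(1024, 65536)  # port range named in the "Allow all high UDP" rule

class Packet(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

def static_high_udp_rule(pkt: Packet) -> bool:
    """Static preset: allow any UDP packet whose ports are both >= 1024."""
    return pkt.src_port in HIGH and pkt.dst_port in HIGH

class StatefulUdpFilter:
    """Admit inbound UDP only as a reply to a flow the local host initiated."""
    def __init__(self, idle_timeout: float = 30.0):  # assumed timeout, seconds
        self.idle_timeout = idle_timeout
        self.flows = {}  # (local_ip, local_port, remote_ip, remote_port) -> last seen

    def outbound(self, pkt: Packet, now: float) -> None:
        # Outgoing traffic is what "opens" the ephemeral port for replies.
        self.flows[(pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)] = now

    def inbound_allowed(self, pkt: Packet, now: float) -> bool:
        key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        last = self.flows.get(key)
        if last is None:
            return False              # nobody here asked for this traffic
        if now - last > self.idle_timeout:
            del self.flows[key]       # flow went idle: the port closes again
            return False
        self.flows[key] = now         # active flow: refresh the idle timer
        return True

# Constructed sample traffic (documentation address ranges, made-up ports).
LOCAL, SERVER, STRANGER = "192.0.2.5", "203.0.113.10", "198.51.100.7"

def demo() -> dict:
    fw = StatefulUdpFilter()
    fw.outbound(Packet(LOCAL, 49500, SERVER, 27015), now=0.0)
    reply = Packet(SERVER, 27015, LOCAL, 49500)
    unsolicited = Packet(STRANGER, 40000, LOCAL, 49500)
    return {
        "static_reply": static_high_udp_rule(reply),
        "static_unsolicited": static_high_udp_rule(unsolicited),
        "stateful_reply": fw.inbound_allowed(reply, now=5.0),
        "stateful_unsolicited": fw.inbound_allowed(unsolicited, now=5.0),
        "stateful_reply_after_idle": fw.inbound_allowed(reply, now=60.0),
    }
```

Calling `demo()` shows the static rule passing both the genuine reply and the unsolicited packet, while the stateful filter passes only the reply, and only while the flow is still active.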
LB
2004-11-17 22:15:32 UTC
Thank you Steven U. and Phillip W. for your advice. I use a preset rule
with these ports open because it was the only configuration that passed
the "Shield up" firewall test (other configurations were not successful, and
I am afraid of not being able to set them correctly). I will block all
high UDP, and see if any problems occur.

Thank you for your great support !
Post by Steven L Umbach
Those are the unprivileged ports that are mostly used by the client and
picked randomly for the return connection from a server connection. If you
run netstat you can see how your computer uses those ports. Firewalls by
default block those ports and I am not sure why you even have the option
to enable them. A stateful firewall will open those ports dynamically in
response to traffic your computer initiates and close them when the
connection is terminated. Many Trojans will try to use those ports. If you
are having a problem with a particular application it would be best to
find out exactly what its requirements are and view the firewall logs to
see what packets are being blocked which can help in final configuration
but that would be the rare exception rather than the rule. --- Steve
Post by LB
Hi,
My firewall is McAfee Desktop Firewall.
It has a rule named "Allow all high UDP" (local and remote from 1024 to
65535). Please, what is this rule? Is it safe to leave such a large range of
UDP ports open? I noticed that if I block all high UDP ports (or delete
this rule), the network/internet still works fine... so I do not
understand what it is for...
For better security settings, should I allow all "high UDP" or block them?
Thank you for help & comments...
Mordicus
LB
2004-11-17 23:47:52 UTC
After reading your posts, I realize that I may be taking risks unnecessarily...
since I do not understand internet security related subjects well and since
I am using a few preset rules that may lead to a security flaw.

Could someone agree to have a look at my firewall preset rules (I can mail
them in a jpg attached file - I did not succeed in sending them in an
attached file with my post) and tell me if there are rules I could (or
should) delete (or change). I am a basic internet home user, directly
connected to the Internet by dial-up ADSL modem (without router), and using
only common applications (web browser, mail, some P2P, etc.). My PC is
running WinXP SP2. I am trying to learn about security by myself but I am
still far from being an expert, and many terms (protocol names, etc.) are
still incomprehensible to me.

Thank you again.
PS: by the way, someone recommended blocking all ICMP traffic for better
safety. When I do it, I often lose my internet connection (my ADSL modem
has to reconnect). Is allowing ICMP traffic necessary?
unknown
2004-11-18 21:26:51 UTC
Post by LB
Could someone agree to have a look at my firewall preset rules (I can mail
them in a jpg attached file - I did not succeed in sending them in an
attached file with my post) and tell me if there are rules I could (or
should) delete (or change). I am a basic internet home user, directly
connected to the Internet by dial-up ADSL modem (without router),
Use a Cable/DSL NAT Box. Yes they are commonly called "routers" although
that really isn't what they are. Keep your machine behind this, then you
don't have to worry much about what ports the machine has "open" because it
is no longer exposed directly to the Internet.

You can't safely expose a machine to the internet if you are hoping to
figure out security "somewhere-along-the-way", you must know what you are
doing and why you are doing it right from the start. It doesn't matter to an
intruder if you are a "newby" or an expert, all they see is the machine as a
target.
--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
LB
2004-11-19 20:39:34 UTC
Thank you for your advice! I will consider buying an ADSL router.
Post by unknown
Post by LB
Could someone agree to have a look at my firewall preset rules (I can mail
them in a jpg attached file - I did not succeed in sending them in an
attached file with my post) and tell me if there are rules I could (or
should) delete (or change). I am a basic internet home user, directly
connected to the Internet by dial-up ADSL modem (without router),
Use a Cable/DSL NAT Box. Yes they are commonly called "routers" although
that really isn't what they are. Keep your machine behind this, then you
don't have to worry much about what ports the machine has "open" because it
is no longer exposed directly to the Internet.
You can't safely expose a machine to the internet if you are hoping to
figure out security "somewhere-along-the-way", you must know what you are
doing and why you are doing it right from the start. It doesn't matter to an
intruder if you are a "newby" or an expert, all they see is the machine as a
target.
--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com