Posted by Billy Joe on 09/30/05 19:53
After I suggested blocking, via firewall packet filter:
>> 2) Any inbound TCP connection from a port over 4000
>> (set up as 4001 thru 65535)
<snip>
Don M. wrote:
> Wouldn't filter 2) block virtually 99% of primaries?
>
No, Don! I'm a primary and the systems here pretty much run 24x7 (although
the portable gets shut down more often). None of my systems is presently
utilizing an OS-assigned outbound port at or above 3000.

One problem with this block is user understanding, as db tried to explain
when he first mentioned it. The block looks at the port used for OUTBOUND
connection attempts on the PC which is trying to INBOUND connect to you.
That port is "dynamically" assigned by the OS and tends to loop between 1024
and some rather small max, like 3600, for most users. It reaches higher
values for some gamers and ALL of the enemy.

I do not set the filter to block in both directions, which would most
certainly block my attempts to connect to other primaries, while still
limiting theirs as described.

You could take a look at the outbound ports you have used yourself at the
moment.

Start, Run, cmd, netstat /n

On the system I'm using right now, that command shows no outbound port
exceeding 1463. My MX server ports are 51001 & 61001.

It would not be a good idea to block UDP ports at all, as they will be only
from other primaries. Only TCP ports are blocked to filter out the
secondaries which are making multiple WPN (and other network) connections.
BJ
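
The netstat check described in the post, worked through as an added example that is not part of the original post: it parses `netstat -n` output, lists the OS-assigned source ports this host used for outbound TCP connections, and shows which inbound peers the 4001 thru 65535 source-port filter would drop. The sample output, the function names, and the heuristic "local port is one of my listening ports means the connection was inbound" are assumptions made for the example.

```python
import re

# Constructed sample of Windows `netstat -n` output (documentation address ranges,
# made-up remote ports). 51001 is the TCP MX server port mentioned in the post.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.0.2.10:1042        198.51.100.7:6699      ESTABLISHED
  TCP    192.0.2.10:1463        203.0.113.5:6699       ESTABLISHED
  TCP    192.0.2.10:51001       198.51.100.23:4812     ESTABLISHED
  TCP    192.0.2.10:51001       203.0.113.44:1377      ESTABLISHED
  TCP    192.0.2.10:1250        203.0.113.80:80        TIME_WAIT
"""

# One TCP row: local addr:port, foreign addr:port, state. UDP rows are ignored
# on purpose, since the filter in the post only applies to TCP.
ROW = re.compile(r"^[ \t]*TCP[ \t]+\S+:(\d+)[ \t]+\S+:(\d+)[ \t]+(\S+)", re.M)

def tcp_rows(text):
    """Return (local_port, remote_port, state) for every TCP row."""
    return [(int(l), int(r), s) for l, r, s in ROW.findall(text)]

def blocked_by_filter(src_port, low=4001, high=65535):
    """True if a connection from this source port hits the inbound block range."""
    return low <= src_port <= high

def outbound_source_ports(text, listen_ports):
    """Source ports of connections this host initiated (heuristic: local port
    is not one of our own listening ports)."""
    return sorted(l for l, _, _ in tcp_rows(text) if l not in listen_ports)

def inbound_peers_blocked(text, listen_ports):
    """Remote source ports of inbound connections the filter would have dropped."""
    return [r for l, r, _ in tcp_rows(text)
            if l in listen_ports and blocked_by_filter(r)]

if __name__ == "__main__":
    listen = {51001}  # TCP server port from the post
    out = outbound_source_ports(SAMPLE, listen)
    print("outbound source ports:", out, "highest:", max(out))
    print("would a peer running the same filter block us?",
          any(blocked_by_filter(p) for p in out))
    print("inbound peers the filter drops (source ports):",
          inbound_peers_blocked(SAMPLE, listen))
```

To run it against a live system, pipe the real `netstat -n` text in place of `SAMPLE` and put your own listening TCP port in `listen`.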