Block TCP ports?

Similar Messages

• Bridged Wireless Blocks TCP Port 9100?

  On one of my networked computers, HP "Solutions Center" driver says HP 6310xi networked printer is connected, shows detail status & will print the HP diagnostic report direct to printer. Windows 7 shows printer on network map, & gives detailed status & setup info from printer internal data via IE through printer's IP address page (192.168.1.100); i.e. I can ping it. However, Win 7 printer control panel shows printer as "offline" on printers list & just ques up print requests. Troubleshooting gives error message "turn power on printer". Other networked PCs print OK. Bad computer is on a separate subnet of my home network, with a LinkSys wireless bridge WET610n connection, & printer is on another wireless LinkSys WET610n subnet. My network is totally LinkSys N, with a WRT 610n as main hub. All other network functions work for all other devices on the network, including DirecTV DVR receivers & Wii console!! I have moved the printer to the other subnet, & the problem is now mirrored by the computer on the remote subnet. It is not a firewall problem, but appears that the variables are the 2 wireless bridges that seem to conspire to block TCP port 9100 when in series. A single WET610n between the printer & a computer allows printing, proven by my roaming wireless laptop having access through the WET610n via the central wireless router. Very stange!! CTH

  If I understand correctly, you have a Linksys WRT610N as your main wireless-router with two satellite Linksys WET610N configured as Ethernet bridges -- right?
  You also have this setup:
  Win7 PC -> WET610N -> WRT610N -> WET610N -> Officejet 6310
  If I got this right, then the issue is probably the transit delay between the Win7 PC and the Officejet confusing HP's Solution Center.
  I think you have two options:
  1) Connect the Win7 PC directly to the WRT610N or connect the Officejet 6310 directly to the WRT610
  2) Manually install the printer.
  Let's try a manual installation:
  1. Click >> Start >> Control panel >> Printers.
  3. Click the Add a printer
  3. Select Local printer
  4. Select Create a new port and select Standard TCP/IP Port and click Next button.
  5. Under Device type, select TCP/IP Device. Under Hostname or IP address, enter the printer's host name (found on the printer's network configuration report the generated above). Click Next.
  If you get a message about Additional Port Information Required, then the printer was not found using the host name. You can go back and retry or using the printer's IP address instead of the host name.
  6. Select Hewlett-Packard from the list of manufacturers and select and select your printer model. Click Next.
  If your printer model was not listed, then select Have Disk, browse the HP CD that came with your printer and select the first file that starts with hp and ends with inf. Click Open then OK. Select your printer model. Click Next.
  7. If you are asked, use the currently installed driver.
  8. It will ask for the Printer name -- enter a new name or use the existing one. This will be the name of the printer that you select from other applications.
  9. You may be asked to share the printer. Make a choice and click Next.
  10. The Print Test Page box appears. Go ahead and print it.
  11. Click Finish.
  That should be it.
  Regards / Jim B / Wireless Enthusiasts
  ( While I'm an embedded wireless systems engineer at work, on this forum I do not represent my former employer, Hewlett-Packard, or my current employer, Microsoft )
  + Click the White Kudos star on the left as a way to say "thank you" for helpful posts.

• Should I block TCP/UDP ports 135 to 139 on my router?

  For the sake of Internet and Desktop security should I block TCP/UDP ports 135 to 139 both ways at all times on my router?  This seems to be recommended for Windows environments. Does Mavericks need these ports for its proper operation?  When tested, ports 135, 137,18 show as closed whereas all other ports are Stealth.  Ideally, they should all be Stealth.

  Have a read here: http://securityspread.com/2013/07/26/firewall/
  Stealth is just as good as closed, some would argue that stealth is just as much of a giveaway of the port being present as it being closed.
  The specific ports you mention pose no risk to OS X as far as I am aware.

• What incoming public TCP ports are blocked?

  I just setup my 890L to forward incoming public TCP ports to to a couple of my LAN devices.  Unfortunately, it looks like VZB is purposefully blocking common incoming TCP ports. 
  I tried searching on google.com for what ports are blocked; but, just found a bunch of posts like this one.  Some people actually tried contacting 1st and 2nd tied VZB tech support about this; but, it's clear they don't have this information available to them.
  Has anyone verified what incoming public TCP ports are not blocked?  There's no easy way for me to test this using my 890L.

  You can find out for yourself which ports are being blocked by using a Port Query utility.  Depending on the OS of your computer there should be multiple utilties available for free floating around.
  As we have seen numerous times before, devices on VZW's new SIM card/4G LTE network are blocked from many of the public facing services and features we have previously been dependant on.  Public IP Addresses, Public Ports, Webcams, VOIP phones, etc. all suffer under the same umbrella of limitations on the new network.  The list is too long to publish everything that is blocked or not working as it previously did.  Much easier for you to post the requirements of your application and have us confirm if its working or not.
  If you have not already experimented with VPN's I'd suggest checking them out.  VPN's are one of the easiest ways around these new limitations.  With a VPN enabled your device will tunnel all of its communications out an allowed port to a VPN server where your traffic is free to act normally before returning to you.

• TCP port blocked

  I am getting an "...unable to connect to server due to network security (TCP port 8080 blocked)" message. Any idea what settings should I change before going to SFR support? BES not enabled. 

  This will have been a false alarm triggered during the 7.7 upgrade.  The warning occurs when a site fires an event but does not have a current heartbeat connection.  I suspect this was caused by bad sequencing of a service restart and we will look into how that hapened.  The upgrade started yesterday at 9am and was completed at noon US-CST.
  Logs show a large number of these events were triggered between 9:30am and 10:20am CST.  If you are still receiving these, please let us know so we can investigate further.
  Andy

• [Solved] SSH not working (ISP blocks my port 22)

  OK full story:
  I want to be able to connect to my home arch linux box from school. The setup there are winxp machines whit putty on my usb or the pc itself. I know that my school is not blocking any ports as my friend can connect to his linux box at home. (also ssh)
  These are things i did and can think of i need to to do get ssh working:
  Before everything else i started to configure my Linsys router.
  My ISP gives me an Dynamic IP so i need to use the dyndns.org service. I made an account and configured my linsys router DDNS tab to work with the account. I got into the port forward tab an putted in ssh port forwarding (on port 22 TCP for my ip 192.168.1.102 => did ifconfig to be sure). Port forwarding for port 9091 is also on for my transmission webgui i'm saying this here because this works when i'm at school.
  1. Installed openssh
  # pacman -S openssh
  All installed fine.
  2. I've put the sshd into the daemon part of my rc.conf file.
  DAEMONS=(syslog-ng network netfs crond @alsa @g15daemon @samba @sshd dbus hal)
  3. Hosts.allow file =
  # /etc/hosts.allow
  SSHD: ALL
  # End of file
  4. Hosts.deny =
  # /etc/hosts.deny
  ALL: ALL: DENY
  # End of file
  5. sshd_config file =
  # This is the sshd server system-wide configuration file. See
  # sshd_config(5) for more information.
  # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
  # The strategy used for options in the default sshd_config shipped with
  # OpenSSH is to specify options with their default value where
  # possible, but leave them commented. Uncommented options change a
  # default value.
  #Port 22
  #AddressFamily any
  ListenAddress 0.0.0.0
  #ListenAddress ::
  # Disable legacy (protocol version 1) support in the server for new
  # installations. In future the default will change to require explicit
  # activation of protocol 1
  Protocol 2
  # HostKey for protocol version 1
  #HostKey /etc/ssh/ssh_host_key
  # HostKeys for protocol version 2
  #HostKey /etc/ssh/ssh_host_rsa_key
  #HostKey /etc/ssh/ssh_host_dsa_key
  # Lifetime and size of ephemeral version 1 server key
  #KeyRegenerationInterval 1h
  #ServerKeyBits 1024
  # Logging
  # obsoletes QuietMode and FascistLogging
  #SyslogFacility AUTH
  #LogLevel INFO
  # Authentication:
  LoginGraceTime 120
  PermitRootLogin yes
  #StrictModes yes
  #MaxAuthTries 6
  #MaxSessions 10
  #RSAAuthentication yes
  #PubkeyAuthentication yes
  #AuthorizedKeysFile .ssh/authorized_keys
  # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
  #RhostsRSAAuthentication no
  # similar for protocol version 2
  #HostbasedAuthentication no
  # Change to yes if you don't trust ~/.ssh/known_hosts for
  # RhostsRSAAuthentication and HostbasedAuthentication
  #IgnoreUserKnownHosts no
  # Don't read the user's ~/.rhosts and ~/.shosts files
  #IgnoreRhosts yes
  # To disable tunneled clear text passwords, change to no here!
  #PasswordAuthentication yes
  #PermitEmptyPasswords no
  # Change to no to disable s/key passwords
  ChallengeResponseAuthentication no
  # Kerberos options
  #KerberosAuthentication no
  #KerberosOrLocalPasswd yes
  #KerberosTicketCleanup yes
  #KerberosGetAFSToken no
  # GSSAPI options
  #GSSAPIAuthentication no
  #GSSAPICleanupCredentials yes
  # Set this to 'yes' to enable PAM authentication, account processing,
  # and session processing. If this is enabled, PAM authentication will
  # be allowed through the ChallengeResponseAuthentication and
  # PasswordAuthentication. Depending on your PAM configuration,
  # PAM authentication via ChallengeResponseAuthentication may bypass
  # the setting of "PermitRootLogin without-password".
  # If you just want the PAM account and session checks to run without
  # PAM authentication, then enable this but set PasswordAuthentication
  # and ChallengeResponseAuthentication to 'no'.
  UsePAM yes
  #AllowAgentForwarding yes
  #AllowTcpForwarding yes
  #GatewayPorts no
  #X11Forwarding no
  #X11DisplayOffset 10
  #X11UseLocalhost yes
  #PrintMotd yes
  #PrintLastLog yes
  #TCPKeepAlive yes
  #UseLogin no
  #UsePrivilegeSeparation yes
  #PermitUserEnvironment no
  #Compression delayed
  #ClientAliveInterval 0
  #ClientAliveCountMax 3
  #UseDNS yes
  #PidFile /var/run/sshd.pid
  #MaxStartups 10
  #PermitTunnel no
  #ChrootDirectory none
  # no default banner path
  Banner /etc/issue
  # override default of no subsystems
  Subsystem sftp /usr/lib/ssh/sftp-server
  # Example of overriding settings on a per-user basis
  #Match User anoncvs
  # X11Forwarding no
  # AllowTcpForwarding no
  # ForceCommand cvs server
  6. ssh_config file=
  # $OpenBSD: ssh_config,v 1.25 2009/02/17 01:28:32 djm Exp $
  # This is the ssh client system-wide configuration file. See
  # ssh_config(5) for more information. This file provides defaults for
  # users, and the values can be changed in per-user configuration files
  # or on the command line.
  # Configuration data is parsed as follows:
  # 1. command line options
  # 2. user-specific file
  # 3. system-wide file
  # Any configuration value is only changed the first time it is set.
  # Thus, host-specific definitions should be at the beginning of the
  # configuration file, and defaults at the end.
  # Site-wide defaults for some commonly used options. For a comprehensive
  # list of available options, their meanings and defaults, please see the
  # ssh_config(5) man page.
  Host *
  # ForwardAgent no
  # ForwardX11 no
  # RhostsRSAAuthentication no
  # RSAAuthentication yes
  # PasswordAuthentication yes
  # HostbasedAuthentication no
  # GSSAPIAuthentication no
  # GSSAPIDelegateCredentials no
  # BatchMode no
  # CheckHostIP yes
  # AddressFamily any
  # ConnectTimeout 0
  # StrictHostKeyChecking ask
  # IdentityFile ~/.ssh/identity
  # IdentityFile ~/.ssh/id_rsa
  # IdentityFile ~/.ssh/id_dsa
  # Port 22
  # Protocol 2
  # Cipher 3des
  # Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
  # MACs hmac-md5,hmac-sha1,[email protected],hmac-ripemd160
  # EscapeChar ~
  # Tunnel no
  # TunnelDevice any:any
  # PermitLocalCommand no
  # VisualHostKey no
  HashKnownHosts yes
  StrictHostKeyChecking ask
  7. Im sure SSH is running i even did => /etc/rc.d/sshd restart
  8. I have never installed any firewall on my arch box (that i know off). I can connect to it using my other linux laptop
  ssh -p 22 192.168.1.102 => works
  ssh -p 22 xxxxxx.dyndns.org => works (xxx replaced by my dyndns.org domain)
  ssh -p 22 9x.xxx.xxx.xx5 => works (xxx is my normal WAN ip offcourse)
  Keep in mind that transsmission port forwarding is working fine. I can connect from everywhere to my webgui wich is on port 9091. Anyone can help me get whats wrong?
  Last edited by Redostrike (2010-02-25 17:06:14)

  Wild guess but:
  # /etc/hosts.allow
  SSHD: ALL
  # End of file
  I don't know if this is case-sensitive, but if it is: it should be "sshd".
  If it doesn't work, doesnt hurt to try.

• Bypassing TCP port 25 restriction (i.e. worst ISP EVER; Mail is not allowed

  Hi
  The private company that runs my DOES NOT ALLOW Smtp connections on its "hi speed internet connection".
  Meaning that Mail cannot function and I have to check via webmail.
  I'm serious.
  Their FAQ states:
  Can I use email clients such as Microsoft Outlook or Outlook Express to send and receive emails?
  No, you will only be able to use web browser based email such as Hotmail or Gmail; this is due to limitations (on TCP port 25) which have been implemented to protect you against other computer users sending unsolicited bulk emails (SPAM) via your computer.
  Does anyone know a way to get around this as I NEED the functionality of Mail.....
  Also,
  Are all British ISPs this ridiculous?
  Dieing to find a solution to this....... Many Many Many Many Thanks
  PS. I already paid extra ($250USD) to enable 'super' internet which doesnt throttle VOIP, STREAMING, gaming, P2P etc.
  Luke

  Beginning January 1, 2006 Port 587 has been standardized as the port to use for authenticated SMTP servers although most will still work with Port 25 as well. More and more ISPs are blocking port 25 as various jurisdictions are holding them responsible for spam and/or viruses originating on their network. With unauthenticated SMTP anyone can send using that server whether they have an account or not. So the ISPs block that port with the sole exception of their own SMTP server so they can scan the messages for spam and viruses. With an authenticated SMTP server where a valid account id and password are required to send messages the provider of the server assumes the responsibility for scanning all traffic through their server thus relieving the ISP of the liability.
  Whether you think this is a big brother step or not, with estimates that spam on the internet is running as high as 70% of all email traffic, if it weren't for restrictions like this email would rapidly become an unusable tool. The only annoying thing I have found about this is how few ISP Tech Support people know about this. To often their solution is "you can only use another email provider through their webmail interface."

• Unknown open TCP ports on router

  Anyone know how to close these open ports on my Cisco 7606 router?
  Anyone know what these TCP ports are used for?
  49   - Not sure what this one is other than what IANA reports about TCP port 49
  4510
  4509
  2222
  I'm sure I could add an ACL to block communications to my router based on this ports but would rather figure out how to close 'em so this already overloaded router doesn't have additional processing.
  Cisco-7606# sh tcp br all
  TCB       Local Address           Foreign Address           (state)
  12EFC1C0  172.16.8.3.14401        10.8.2.14.49              TIMEWAIT
  1CC4F57C  172.16.8.3.26963        10.8.2.14.49              TIMEWAIT
  1A419F90  0.0.0.0.4510            *.*                       LISTEN
  1C581740  0.0.0.0.4509            *.*                       LISTEN
  1A417BBC  0.0.0.0.2222            *.*                       LISTEN
  12FB03A8  10.8.10.2.2222          10.8.1.42.4690            CLOSEWAIT
  12FB099C  10.8.10.2.2222          10.8.1.42.2233            CLOSEWAIT
  12FA7DF0  10.10.0.3.2222          10.8.1.15.4878            CLOSEWAIT
  1CD47780  10.10.0.3.2222          10.8.1.15.3917            CLOSEWAIT
  1CDDBCE0  10.8.10.2.2222          10.8.1.42.3964            CLOSEWAIT
  Cisco-7606# sh ver | i image
  System image file is "disk0:c7600rsp72043-advipservicesk9-mz.122-33.SRD3.bin"
  Tks
  Frank

  Frank
  I can offer some suggestion about one of your port numbers. TCP port 49 is used for TACACS. If you are using TACACS for authentication, or authorization, or accounting then we know why port 49 is open and blocking TCP49 will prevent TACACS from working with your router.
  I have no insights or suggestions about the other port numbers that you mention.
  HTH
  Rick

• What TCP ports are used by Push notifications

  I believe my Firewall is blocking Push Notifications on my iPod touch. So, I wanted to discover what the TCP Ports are that are used by Push so I could open those ports to pass packets (info) to my iPod.

  See:
  http://support.apple.com/kb/HT3576
  "If you are still unable to receive notifications and you are using a Wi-Fi connection, verify that the network or firewall is not blocking access to port 5223."

• Extended ACL TCP port control

  Hi all,
  I have configured an acl to control traffic going in/out of an interface via tcp ports. However, after applying the acl to the interface, i find that eventhough ports are allowed, traffic is blocked by the acl.
  I suspected that it could be the initial tcp handshake (SYN, SYNACK, ACK etc) is not being allowed (due to the implicit deny). When i included that in the acl, it worked. Is this a necessary step in an acl that controls by tcp port?
  Reason is, some of the acl configured with tcp port control has not been configured to allow SYN, ACK etc but it works when some of these ACLs are applied to other interface.

  Hi,
  Thanks for the response. As far as the config of the ACL, it's quite straight forward with the thing i'm trying to achieve. 1.1.1.190 & 1.1.1.192 are Mail servers. The objective is to control both .190 & .192. The config is as below:
  interface Vlan2
  description For Mail
  ip address 1.1.1.129 255.255.255.0
  ip access-group 2002 in
  end
  C6500#sh access-li 2002
  Extended IP access list 2002
  10 permit icmp any any (272 matches)
  20 permit tcp host 1.1.1.0 any syn (10467 matches)
  30 permit tcp host 1.1.1.0 any ack (781 matches)
  40 permit tcp host 1.1.1.190 eq smtp any
  50 permit tcp host 1.1.1.190 eq pop3 any
  60 permit tcp host 1.1.1.192 eq smtp any
  70 permit tcp host 1.1.1.192 eq pop3 any (4 matches)
  80 permit ip host 1.1.1.183 2.2.0.0 0.0.255.255 (19 matches)
  When I first created this ACL, without the SYN & ACK configured, users failed to connect to the servers. I personally believe users could connect, but it's the return packets from the servers that might have gotten blocked by the ACL. However, after I added in the SYN & ACK, all went well. I could see counters incrementing for the SYN & ACK as well.
  Whereas, some other applications that use some custom ports, ie. 10000, 10001, didn't seem to need the explicit configuration of the SYN/ACKs & the ACL worked well.

• Download manager TCP port error 9421

  Everytime I install the manager and open the installer it gets 75 percent completed then pops up this error message "a resource on your machine TCP port 9421 required by the netsession client is either blocked or in use by another application. Now im pretty sure i dont have anything running in the background (im using Mac OSX) and i dont have the firewall activated or any virus software. PLEASE HELP.

  I was struggling with the same issue for most of the day. I finally discovered a smal link on the Akamai Download Manager that says
  " To download the files directly, click here. File 1 of 1 "
  This allowed me to download the .dmg file onto my mac and it installed with no problem.

• Unable to telnet on command prompt for udp port 514, but able to on cmd for tcp port 514

  I am unable to telnet on command prompt for udp port 514. But when I use packet snifer or wireshark I am able to see traffic going to the targetted server from udp port 514. I thought it might be a firewall issue blocking the port from communicating. But
  I figured out that windows firewall is disabled. I am able to make similar connections on the cmd for tcp port 514.
  I did a netstat -an and see that udp:514 is enabled and listening on the server.
  What am I missing here?

  Telnet actually supports TCP only. You might want to try another tool as suggested here: http://serverfault.com/questions/263032/how-to-connect-to-a-udp-port-command-line
  This posting is provided AS IS with no warranties or guarantees , and confers no rights.
  Ahmed MALEK
  My Website Link
  My Linkedin Profile
  My MVP Profile

• Block All Ports for a Host

  We are using BM 3.9 (no SP1 yet).
  I'm trying to block a Windows Media Player stream. If I put the URL that WMP uses into a deny rule, the BM log shows the html page is forbidden, yet the media still comes through.
  So I tried blocking all ports on the host. I put in a Deny rule that blocks All TCP&UDP on both the IP address and the host name. Yet, when I type the URL into WMP, I still get the stream. How do I block this with BM?
  Incidentally, after All ports didn't work, I tried specifying ports 0-65535. But I got an error that that was an invalid range. It did let me use 1-65535, though.

  David,
  It appears that in the past few days you have not received a response to your
  posting. That concerns us, and has triggered this automated reply.
  Has your problem been resolved? If not, you might try one of the following options:
  - Visit http://support.novell.com and search the knowledgebase and/or check all
  the other self support options and support programs available.
  - You could also try posting your message again. Make sure it is posted in the
  correct newsgroup. (http://forums.novell.com)
  Be sure to read the forum FAQ about what to expect in the way of responses:
  http://support.novell.com/forums/faq_general.html
  If this is a reply to a duplicate posting, please ignore and accept our apologies
  and rest assured we will issue a stern reprimand to our posting bot.
  Good luck!
  Your Novell Product Support Forums Team
  http://support.novell.com/forums/

• Technical Question regarding TCP Ports

  Morning All
  The Set up - 1xXP PC running BTNP and 1xWin7 Laptop running MSE
                     1xBTHHV2.0B
                     1xBTVision box (currently not connected)
  I have posted elsewhere on here about strange results regarding attempts (via UDP ports) to connect to my PC and have been trying to stop this or even look into who, what and why. At this present time BTNP has been manually configured to report everything and I'm getting some interesting attempts. Anyway googling this, that and the other has sent me in the direction of TCP Ports.
  Upon opening "netstat" via a command prompt on the PC it shows that 4 TCP Ports are currently "established" and 1 is showing "close_wait". All these refer to the localhost:**** which I guess is okay?
  However, opening "netstat" on the Laptop shows 8 TCP Ports are currently "TIME_WAIT" (in the state section) and 1 refering to which IP the laptop is assigned with and the www IP address. It's the 8 I'm slightly concerned about. They refer to what I believe is the BT Vision server IP address (127.0.0.1). The same address is found on the BTV box.
  Apparently, to block TCP connections the user needs to manually configure the router firewall which AFAIK can't be done on the BTHH2.0B.
  So here's the Q's
  1) Is it normal to have a computer TCP connection with what appears to be BT Vision?
  2) If not how do I block/close the TCP ports without using a router firewall that appear to be BT Vision?
  3) Why would the BTV IP address be dispalyed if the box has not been connected for some time?
  None technical replies would be good
  -+-No longer a forum member-+-

  @ Roger.
  Wow what a read!
  Am I correct to assume that UDP transmissions are safe as they don't go anywhere as the firewall stops them? I'm still intrigued as to why various transmissions are attempted (ie. microconnect, BTVision, Binary Trojan maker etc etc etc).
  Currently re reading yet again and will post regarding TCP...........
  .............TCP has to make a connection? A packet is sent from A to B and back to A. It is then that data can be exchanged. A and B's serial numbers can also be exchanged. Then when they have a full 'duplex' connection, A and B can send data to the each other anytime they want. And all A has to do is just give the operating system some stuff to send?
  That worries me or am I reading into this the wrong way?
  -+-No longer a forum member-+-

• How to get the number of bytes at TCP port

  Hi all,
  How to get the number of bytes to read at the TCp port...as someone had suggested in some forum we do read the number of bytes first and then pass this...
  but we get a problem when we have FF data in this...because then it sends 2 FF data...and cause of this we skip the last data...is there any solution for the same?

  Hi
  In LabVIEW you don't have the same property as in serail port.
  You havn't "Byte at TCPIP port".
  if you developp a protocol, one soltion, is to send the size to read.
  Ingénieur d'Application / Développeur LabVIEW Certifié (CLD)
  Application Engineer / LabVIEW Certified Developer (CLD)