
Thread: What is an outbound port of a browser.

  1. #1
    Senior Member
    Join Date
    Jul 2003
    Posts
    106

    What is an outbound port of a browser.

    I guess we all know the standard services 80 http, 21 ftp..... blablabla...

    The question that I have is what are the standard outbound ports for something so diverse as a browser. (i.e. IE )
    does it make the requests from the same socket for same service or does it vary..
    does it make requests for different services from different sockets (http/ftp) ...
    i'm the guy who bitched out a girl about writing poems in General Chat... Now everyone thinks I hate women and that I'm gay ... live and learn ... hehe

  2. #2
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    Ports for browsers are usually anything over 1024. Traditionally, any client applications will be found above 1024. Using netstat can help you see which port your browser is using at present. Port numbers will vary from application to application and no two applications should be using the same port (AFAIK).

    Hope that helps.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #3
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    Port numbers will vary from application to application and no two applications should be using the same port (AFAIK).
    Yes, but you will see different protocols accepted on the same port. i.e. TCP and UDP will both be accepted on port 445 for CIFS.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  4. #4
    Senior Member
    Join Date
    Jul 2003
    Posts
    106
    does browser make the request always from the same port... or do the ports vary

    what i'm trying to understand is ... how can a ssh tunnel make request on behalf of a browser... i would understand if it would be a special proxy server which is programmed to behave like a server ... but ssh is basically a telnet...

    do web servers expect incoming from a specified port or it really doesn't matter
    i'm the guy who bitched out a girl about writing poems in General Chat... Now everyone thinks I hate women and that I'm gay ... live and learn ... hehe

  5. #5
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    The browser doesn't care about the source port beyond keeping track of info to send back to the client. The SSH Tunnel makes the request because of the destination port it goes to, not where it comes from. The web server just responds to requests made at port 80 or whatever port it is set to listen to.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  6. #6
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    Each connection is established with a different source port. To prove this, open two browsers and point them both to AO (or any site of your choice). Drop to a command prompt and type netstat -an. You will see high port connections from your machine to port 80 on both instances of your browser connections to AO.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  7. #7
    Elite Hacker
    Join Date
    Mar 2003
    Posts
    1,407
    Each connection is established with a different source port. To prove this, open two browsers and point them both to AO (or any site of your choice). Drop to a command prompt and type netstat -an. You will see high port connections from your machine to port 80 on both instances of your browser connections to AO.
    I think it would be better proved to open one do netstat close it then do the other. Because if you do them at the same time it has to be a different port so that doesn't prove anything.

  8. #8
    Senior Member
    Join Date
    Jun 2003
    Posts
    236
    The client side will usually pick a random port above 1024 and it usually is a lot higher. You can actually force a client to use a particular client side port. I just read about it the other day but it was more of a pain in the ass than it was worth. I can't remember what it was called offhand but if I remember I'll post it up here
    That which does not kill me makes me stronger -- Friedrich Nietzsche
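
Added example, not part of any poster's message: posts #6 to #8 describe OS-chosen source ports and forcing a fixed one, and this sketch shows both by holding several connections open at once and then pinning a source port with `bind()` before `connect()`. The loopback listener stands in for a web server, and all function names are made up for this illustration.

```python
import socket

LOOPBACK = "127.0.0.1"  # constructed local setup; the listener stands in for a web server

def make_listener():
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((LOOPBACK, 0))  # port 0: the OS picks a free listening port
    srv.listen(8)
    return srv

def open_connection(srv, source_port=None):
    """Connect (optionally from a pinned source port); return (client, accepted, seen_port)."""
    cli = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        if source_port is not None:
            cli.bind((LOOPBACK, source_port))  # pin the client-side port
        cli.connect(srv.getsockname())
    except OSError:
        cli.close()
        raise
    conn, peer = srv.accept()
    return cli, conn, peer[1]  # peer[1] is the source port as the server sees it

def simultaneous_source_ports(count=3):
    """Hold `count` connections open at once; return the source ports the server saw."""
    srv = make_listener()
    links = [open_connection(srv) for _ in range(count)]
    for sock in [srv] + [s for link in links for s in link[:2]]:
        sock.close()
    return [port for _, _, port in links]

def forced_source_port():
    """Pin a port, then try to reuse it; return (pinned, seen_by_server, second_attempt_failed)."""
    srv = make_listener()
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.bind((LOOPBACK, 0))
    pinned = probe.getsockname()[1]  # a port known to be free right now
    probe.close()
    cli, conn, seen = open_connection(srv, source_port=pinned)
    try:
        open_connection(srv, source_port=pinned)  # same source port while the first is open
        failed = False
    except OSError:  # address already in use: the pinned port is taken
        failed = True
    for s in (cli, conn, srv):
        s.close()
    return pinned, seen, failed

if __name__ == "__main__":
    print(simultaneous_source_ports(), forced_source_port())
```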

  9. #9
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Er.... This thread doesn't seem to be going the right direction..... Let me have a go......

    The Original question was:-

    The question that I have is what are the standard outbound ports for something so diverse as a browser. (i.e. IE )
    does it make the requests from the same socket for same service or does it vary..
    does it make requests for different services from different sockets (http/ftp) ...
    I see three parts:-

    1. what are the standard outbound ports for something so diverse as a browser.

    You determine the outbound port of your browser by the letters you type before the "://" portion of the url. Thus http forces a request on port 80, https forces on port 443 and ftp forces a request on 21..... The source port, (the one your browser uses to separate sessions is "randomly" picked at the initiation of the session and is above 1024)

    2. does it make the requests from the same socket for same service or does it vary..

    The common services are always found on the same ports as far as your browser is concerned. However, if the remote server uses a different port for a common service you can force the browser to make its request on that port by adding ":8080" at the end of the url. So a request to mydomain.com that runs its web server on port 8000 would look like this -

    http://www.mydomain.com:8000

    I believe you could actually drop the http:// portion though IE will add it back in so I can't test that from here. The www.mydomain.com is still required for DNS resolution.... but if you knew the IP you could type 123.123.123.123:8000 and arrive at the same place.

    Again, the source port is randomly selected above 1024 for each session.

    3. does it make requests for different services from different sockets (http/ftp) ...

    This question is really answered by the two answers above but for clarification..... By convention the same services are carried by the same ports internet-wide so the answer to the question is yes. The disclaimer on that is in the answer to the second question where, if a provider puts a well known service on a non-standard port he needs to "advertise" the fact by adding the ":8000" to any links he puts anywhere.

    Now this does have some useful security applications. It doesn't mean that you can give up securing these services that you "hide" but it does make the job of footprinting that little bit more difficult, time consuming and risky for the cracker.

    You can "hide" common services on unusual ports and still have it accessible to the whole world, (you are unable to specify the IP addresses that can connect because your workforce is too mobile and never get the same IP address), but hard to find. For example you can have a terminal services connection open to the world on port 6134 instead of 3389 where it would usually be, (it's a registry change on the server and an export, edit, import task on the client to change the port). Now, if Joe S. Kiddie wants to scan for term servers 'cos he has a new "sploit" he's going to scan your netblock for port 3398. Now, Joe is smart, and knows that to avoid the default portscan detection of Snort he needs a scan rate of less than 4 connections in 2 seconds so, to play it safe he runs his scan rate at 1/sec - equating to 4 mins 15 seconds to scan your netblock - and find nothing!!!!! To find it he must maintain the same scan rate but cover 254 x 65535 = 16645890 = 277431.5 minutes = 4623 hours = 192.33 days to scan your network and get a reply from your terminal server. (Remember, most scanners are multithreaded so you can't say they would get to the port after only 6134 events per IP address).

    This doesn't mean that you can "hide" a service and forget about it. The determined attacker will always find it. What it does do is keep the "skiddies" away. Yes, it's security through obscurity...... But this job is all about making their job that little bit harder......

    Hope all that drivel helps.......
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  10. #10
    Senior Member
    Join Date
    Jul 2003
    Posts
    106
    thanx for the replies...

    Tiger... you must've misunderstood me a bit ... i know you can run the daemon on any port of your choosing and also that there are "standard ports" for "standard services"...

    i'm going to try to set up a http/mail/ftp proxy on a old slack box. i shouldn't have a problem setting up the ssh to listen for my client (on standard or non-standard port) what i need clarification w/ is

    1. when the ssh makes the request on behalf of my client. how can it identify the requested service (how can ssh determine if i need mail or to browse)

    2. if you guys say that the outbound port in regular straightforward connection is "randomly" chosen...

    a) does that hold true for all services (ftp, http, snmp)?
    b) if so, will ssh choose randomly too or will it use the same socket for all services?
    c) if not, can i make it choose randomly like a true browser
    d) if not, can i set certain outbound ports

    3. will every server understand ssh encryption?

    4. will i be able to run java, shockwave, active x and everything else as in straight connection
    i'm the guy who bitched out a girl about writing poems in General Chat... Now everyone thinks I hate women and that I'm gay ... live and learn ... hehe
