Ports for emule?
#1
Scooby Senior
Thread Starter
Ports for emule?
I changed a friend's Internet access from USB modem to a router/firewall (Vigor 2600VG). Now it seems that his son can't use emule because the firewall is blocking the ports. My friend uses his pc for business & the pc must be secure. The 2 computers (father + son) are in the same IP address range, but are not using network sharing.
If I open a load of ports for emule on the router (4661, 4662, 4665, 4672, 4711) what does this mean security-wise for the business computer?
If I open a load of ports for emule on the router (4661, 4662, 4665, 4672, 4711) what does this mean security-wise for the business computer?
#5
Scooby Senior
Thread Starter
Thanks Jack
What can actually happen to the accounts computer? Could it get hacked though the open ports, or would he have to be running emule to be hacked? (He is using XP Pro SP2 & integral SP2 firewall + McAfee Virusscan 2006 - just the anti-virus version).
If I opened the ports & forwarded them to his son's internal IP address, would that then risk the accounts computer?
What can actually happen to the accounts computer? Could it get hacked though the open ports, or would he have to be running emule to be hacked? (He is using XP Pro SP2 & integral SP2 firewall + McAfee Virusscan 2006 - just the anti-virus version).
If I opened the ports & forwarded them to his son's internal IP address, would that then risk the accounts computer?
#6
Scooby Senior
Which ever way you look at it, they share a network. Ask the administrators of networks on here if they allow some machines access to the ports used for emule. Even the slightest risk is still a risk that most wouldn't take.
#7
Scooby Regular
iTrader: (1)
Join Date: Jul 2004
Location: There on the stair
Posts: 10,208
Likes: 0
Received 0 Likes
on
0 Posts
The golden rule for access is: None.
You restrict ALL ports by default and then open up the ones you want. ONLY the ones you want.
If you run a local firewall on each p..c in the scenario above - and restrict the emule ports on the fathers machine it will give SOME protection.
However, if the sons p.c. IS compromised then this is the backdoor to the fathers - unless the two machines are restricted from each other.
You restrict ALL ports by default and then open up the ones you want. ONLY the ones you want.
If you run a local firewall on each p..c in the scenario above - and restrict the emule ports on the fathers machine it will give SOME protection.
However, if the sons p.c. IS compromised then this is the backdoor to the fathers - unless the two machines are restricted from each other.
Trending Topics
#8
Scooby Senior
Thread Starter
Thanks guys
My preference is to not open the ports, but it's a request from an old freind & I need to be sure if I say "no".
The father's pc is on the same IP range (192.168.1.x), but is not sharing anything, also the workgroups are not the same name.
Maybe I can suggest it's ok, but the accounts computer would need Zonealarm?
My preference is to not open the ports, but it's a request from an old freind & I need to be sure if I say "no".
The father's pc is on the same IP range (192.168.1.x), but is not sharing anything, also the workgroups are not the same name.
Maybe I can suggest it's ok, but the accounts computer would need Zonealarm?
#9
Scooby Senior
Thread Starter
Originally Posted by Kieran_Burns
However, if the sons p.c. IS compromised then this is the backdoor to the fathers - unless the two machines are restricted from each other.
#10
Scooby Regular
Join Date: Apr 2004
Location: Cardiff
Posts: 1,928
Likes: 0
Received 0 Likes
on
0 Posts
Originally Posted by Nick
Assume that the son's computer is constantly compromised (it's a typical student computer... in a mess). How do I restrict them from each other?
also edited to add, Mcafee will help with the virus trapping side of things
edited to add again (doh) the vigor has an option to set separate VLANs on the 4 ports. On my 2600G its in the VLAN/Rate Control menu. Enable it and tick the boxes to put them on separate networks, this should as good as isolate the PC's from each other
Last edited by mike1210; 23 December 2005 at 10:36 PM.
#11
Scooby Senior
Thread Starter
Originally Posted by mike1210
edited to add again (doh) the vigor has an option to set separate VLANs on the 4 ports. On my 2600G its in the VLAN/Rate Control menu. Enable it and tick the boxes to put them on separate networks, this should as good as isolate the PC's from each other
#12
Scooby Regular
Join Date: Apr 2004
Location: Cardiff
Posts: 1,928
Likes: 0
Received 0 Likes
on
0 Posts
Originally Posted by Nick
That's great - thanks very much! The SP2 Firewall is already enabled on the business computer. So I can open the relevant ports, put the 2 pcs on separate vlans, do I suggest that the business pc also has ZOnelarm installed to protect the open emule ports?
Putting the PC's on seperate VLANS really is a brick wall defence. The son computer could not access the other computer in any way so you are safe there.
Zonealarm? Its up to you, what i do is use the Firewall packet filter on the router to only allow certain ports out onto the net. By default on the draytek routers, all traffic leaving the network is allowed, which isn't good if a virus gets on to your machine.
If youre interested what i do bind IP to Macs, and setup outgoing rules for each machine on the network. First rules being block if no further match rules for both TCP and UDP traffic. Then create rules so certain IP's can go out on certain ports for example
UDP port 53 DNS lookups (would be needed for the net)
Port 80 HTTP - General Internet
Port 443 HTTPS - Secure Internet
PM me if you want to do it this way its a bit fiddly but works really well, the FAQ's on the draytek site have great info in them (www.draytek.co.uk)
One + for Zone alarm is that it can restrict outgoing traffic by application (ie it will tell you when something is trying to go out from the PC). Routers do this to some extent but you need to know What protocol and ports the application uses
Thread
Thread Starter
Forum
Replies
Last Post
Mattybr5@MB Developments
Full Cars Breaking For Spares
28
28 December 2015 11:07 PM
Mattybr5@MB Developments
Full Cars Breaking For Spares
12
18 November 2015 07:03 AM