I am wondering if it is a good idea to restrict applications by the ports they are supposed to use (e.g. an email program to be allowed to access only email-related ports and perhaps port 80 if it checks for updates). It may be overkill and extra work for trusted apps, but that could catch apps that phone home or adware. I am asking because this and other firewalls tend by default to allow apps to do whatever they want with any ports once they are OKed by the user. Perhaps Comodo could have presets as well (e.g. all mail ports only for emailers, all browsing ports for browsers, to speed things up with configuring individual apps).
Yeah, you can allow/deny an application by the port it's using, but some applications use a port range from 1 to who knows… I’ll show you some common ports for some services/applications:
POP3 - port 110
IMAP - port 143
SMTP - port 25
HTTP - port 80
Secure SMTP (SSMTP) - port 465
Secure IMAP (IMAP4-SSL) - port 585
IMAP4 over SSL (IMAPS) - port 993
Secure POP3 (SSL-POP) - port 995
For an application like a browser, it's hard to say which port the web server is going to use when configuring your firewall. Port numbers can range from 0 to 65535.
Port SSL 443
and it depends on whether you are using proxies etc…
So only if the application uses 1 port to connect is it then easy to configure.
These are the ports I meant. It wouldn’t be difficult to allow e.g. only these 8 ports for an emailer + port 80 or whatever, perhaps, if it checks for software updates. In this way I found in the past apps using funny ports, and after investigation I discovered they were trying to phone home. I find it a bit too naive that by default firewalls in learning mode open all ports for a new app that the user thinks is trustworthy. Restricting a mailer to certain email servers by IPs is another idea, but then again hardwiring mail servers and IPs sometimes causes problems because some ISPs change the IPs of their servers.
As for the browser, allowing those three ports you mentioned works just fine 99% of the time in my experience and it’s not too much trouble allowing attempts to connect to other ports as one-offs for the remaining 1%. As it happens, the tighter the security setup, the more restrictive and cumbersome the security regime, requiring more user intervention to set up and maintain later. Just a thought.
My question is similar. After allowing an application for the first time, how can you find out later on what port it is using? It tells you the port when you first allow it, but I usually forget it later on and can’t find the port (or ports) that an application is passing through?
You can see details of the currently active connections in Activity | Connections. Another way is to switch the app to Ask mode in Application Monitor and next time the firewall will ask you like the first time.
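The preset idea discussed in this thread can be checked offline against a list of observed connections. The following is an added example, not part of the original posts and not Comodo's own code: the mail port numbers are the ones listed above, while the browser preset of 80 and 443, the executable names, and the comma-separated listing format are assumptions made for illustration.

```python
# Added example: audit observed connections against per-application port presets.
# Preset names, executable names and the listing format are assumptions;
# the mail port numbers are the ones listed in the thread.
from collections import defaultdict

MAIL_PORTS = {25, 110, 143, 465, 585, 993, 995}
PRESETS = {
    "emailer": MAIL_PORTS | {80},   # mail ports plus 80 for update checks
    "browser": {80, 443},           # assumed browsing ports
}
# Hypothetical mapping of executables to presets.
APP_PRESET = {"mailclient.exe": "emailer", "browser.exe": "browser"}

# Constructed sample: application, protocol, remote address, remote port.
SAMPLE = """\
mailclient.exe,TCP,192.0.2.10,995
mailclient.exe,TCP,192.0.2.10,465
mailclient.exe,TCP,198.51.100.7,6667
browser.exe,TCP,203.0.113.5,443
browser.exe,TCP,203.0.113.9,8080
updater.exe,TCP,198.51.100.20,80
not,a,valid,line,here
"""

def audit(text):
    """Return (violations, unknown_apps, malformed_line_numbers)."""
    violations = defaultdict(set)   # app -> {(remote_ip, port), ...}
    unknown, malformed = set(), []
    for n, line in enumerate(text.splitlines(), 1):
        fields = [f.strip() for f in line.split(",")]
        if (len(fields) != 4 or not fields[3].isdecimal()
                or not 0 <= int(fields[3]) <= 65535):
            malformed.append(n)     # keep going; report bad lines at the end
            continue
        app, ip, port = fields[0].lower(), fields[2], int(fields[3])
        preset = APP_PRESET.get(app)
        if preset is None:
            unknown.add(app)        # no preset: the firewall would have to ask
        elif port not in PRESETS[preset]:
            violations[app].add((ip, port))
    return dict(violations), unknown, malformed

if __name__ == "__main__":
    bad, unknown, malformed = audit(SAMPLE)
    for app, conns in sorted(bad.items()):
        for ip, port in sorted(conns):
            print(f"{app}: port {port} to {ip} is outside its preset")
    print("no preset:", sorted(unknown), "| malformed lines:", malformed)
```

Connections to ports outside an application's preset are the "funny ports" worth investigating; applications with no preset are reported separately rather than silently allowed.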