Wondering why Firefox asks access for a number of different ports for http requests. Opera and IE are fine with port 80.
Any thoughts?
Hi Glass,
What are the ports it is trying to access, and are they remote or local? Firefox, and any browser for that matter, usually requires access to more than just remote port 80. Sometimes ports 443 (secure), 53 (only if you have the DNS client service disabled), 81, 82, 8080, etc. are required. Just be sure the remote host (IP address) is legit in all cases. Your logs should reveal the story on the ports Firefox is attempting access on.
Hi cprtech,
Apart from the regular ports you talked about, Firefox asks internet access to different ports in the 1200 - 1500 range as you surf the internet, if I remember the numbers right. I will note the exact ports going forward.
Wondering if this is something to do with the way Firefox is built. Opera and IE don’t ask for access to any of these ports.
Okay, I wonder about the local port & ip, protocol, direction and remote ip of those ports? It could be Firefox wants to act as a “server” or they are local loopback connections.
Hi cprtech,
I use a local proxy that has the address 127.0.0.1:81. Here are some details I gleaned from the Comodo activity as well as access requests:
IP: 127.0.0.1 Port: 1122 - TCP
IP: 127.0.0.1 Port: 1158 TCP
IP: 127.0.0.1 Port: 4631 TCP
IP: 127.0.0.1 Port: 1158-1159 TCP
IP: 127.0.0.1 Port: 1122-1151 TCP
202.9.145.6 Port: dns(53) - UDP
202.54.6.50 Port: dns(53) - UDP
Thanks.
I don’t think that the local ports (127.0.0.1) are something to worry about.
The last two depend on what parent they use. I would guess that it is an update for a program or your mail app that uses them.
I would agree. You could simplify the loopback rule by specifying a range of local ports as: 1024-5000 (this is a good, secure range). The DNS IPs are quite different, assuming they are remote, though the first octet of each is the same. I’m not sure what is going on there, but probably nothing to worry about. My current Network Rules for Comodo can be found here: Comodo rules creation pain | Wilders Security Forums in posts #8 & #9. They are nowhere near complete yet, but they have got me off to a good start, including loopback parameters required for certain apps.
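Added example (not part of any post in this thread): a Python sketch that sorts the entries Glass posted against the loopback rule suggested above (TCP to 127.0.0.1, ports 1024-5000) and separates out the remote DNS lookups. The category names and the line pattern are this example's own assumptions; the port range and the log entries come from the thread.

```python
import ipaddress
import re

# Entries exactly as posted in the thread.
ENTRIES = """\
IP: 127.0.0.1 Port: 1122 - TCP
IP: 127.0.0.1 Port: 1158 TCP
IP: 127.0.0.1 Port: 4631 TCP
IP: 127.0.0.1 Port: 1158-1159 TCP
IP: 127.0.0.1 Port: 1122-1151 TCP
202.9.145.6 Port: dns(53) - UDP
202.54.6.50 Port: dns(53) - UDP
"""

LOOPBACK_PORTS = (1024, 5000)  # range proposed in the thread for the loopback rule

# Assumed line shape: optional "IP:", address, "Port:", port or range, protocol.
LINE_RE = re.compile(
    r"^(?:IP:\s*)?(?P<ip>\S+)\s+Port:\s*(?:[a-z]+\()?(?P<lo>\d+)\)?"
    r"(?:-(?P<hi>\d+))?\s*-?\s*(?P<proto>TCP|UDP)$"
)

def classify(line):
    """Return a category name (hypothetical labels) for one posted entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return "unparsed"
    try:
        ip = ipaddress.ip_address(m["ip"])
    except ValueError:
        return "unparsed"
    lo = int(m["lo"])
    hi = int(m["hi"] or lo)
    if ip.is_loopback:
        # Covered only if the whole port range sits inside the rule's range.
        if m["proto"] == "TCP" and LOOPBACK_PORTS[0] <= lo and hi <= LOOPBACK_PORTS[1]:
            return "loopback-rule"
        return "loopback-other"
    if m["proto"] == "UDP" and lo == hi == 53:
        return "remote-dns"  # still check who owns the resolver address
    return "remote-other"

def review(text=ENTRIES):
    """Group every non-empty line of text by its category."""
    out = {}
    for line in text.splitlines():
        if line.strip():
            out.setdefault(classify(line), []).append(line.strip())
    return out

if __name__ == "__main__":
    for category, lines in review().items():
        print(category, len(lines))
```

Anything that lands in "loopback-other" or "remote-other" is what still needs its own rule or a closer look at the remote address.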
Nice work with the rules cprtech.
Don’t forget to do a backup of them…
It’s a lot of work if you want to be paranoid, but sometimes it’s worth it.
A couple of betas back I even put the component monitor to on directly from the start… without “scan for known applications”… :o
Well, it drove me nuts… ;D Allowing every single DLL…
I did a search on my PC and it found 13000 DLLs…
I put it on learning again… ;D
Thank you AOwL! They are backed up too. I once forgot to do so…Doh! If I don’t spend time every now and again creating these rules, I will forget so much ??? My goodness, that is a lot of DLLs.
Thanks guys.
But all http internet requests on my system go through 127.0.0.1, given that I have a local proxy. The local proxy in turn connects to the internet. So that is what bothers me.
Again, I do not understand why all internet traffic can’t go through the port 80.
I tried accessing the last two addresses and they do not lead to any valid web sites.
Then why not remove the proxy if you don’t want to use it?
Your proxy is most certainly connecting out to port 80 if you are browsing the web.
Could they be addresses belonging to your proxy? If so, then that would explain why they don’t belong to valid sites. An ip lookup on them here http://www.arin.net/whois/ confirms this.
Thanks cprtech. I may be being thick here.
Good point, but I am assuming without the proxy the internet access requests would still be on the 1200 odd ports, but the IP would be the site’s instead of 127.0.0.1. What do you think?
As an aside, it is a very useful proxy.
Largely yes. But I think some more other ports too, that I don’t understand. But let me double check if the proxy is channeling every request through port 80. Do you think that is safe enough if it does?
Thanks for the useful link. I found that these two do not belong to the proxy but to my ISP (which raises another interesting question, of course).
cprtech,
But you may be right. My local proxy only listens to port 81. Given all these requests are on >1000 ports, probably all this is local communication?
And do you know if the last two IPs I gave above (DNS 53 UDP) can ever go through an http proxy or always connect directly?
Thanks.
Yes, I believe those >1000 ports are local, but without detailed logs I can’t be sure. The proxy has to communicate with your machine’s local ports as well as remote ports, so it makes sense those >1000 ports are local.
Since you said those IPs belong to your ISP, then they are remote to your proxy. Since traffic essentially bounces back and forth between your ISP’s DNS server(s) and your machine when resolving domain names to IP addresses and UDP protocol is involved with the DNS servers, then I guess the proxy must allow this traffic through it. In other words, your proxy must be set up to allow traffic other than strictly http, which is usually ports 80, 81, 82, 8080, and perhaps some others. I just can’t see how you could browse successfully if this was not the case.
Sorry, I am no expert on this stuff. I just know some of the basics.
I believe that some software proxies do transparent DNS - i.e. the user requests a web page and the request goes to the proxy, which caches the request and does the DNS request to the ISP’s DNS. When the name is resolved and sent back to the proxy, the raw IP is inserted into the original request and sent outwards. I’m pretty sure Software 602’s LanSuite 2004 proxy does this.
Hope this helps,
Ewen
That makes sense to me panic. Thank you for your input. My router has a “dns relay” option that I have enabled. I think it may work similar to the way you described, and I believe it also caches the resolved IPs so that later retrieval is faster than having to query the remote DNS server. The following is taken from the help menu in my D-Link router:
“When DNS Relay is enabled, the router will play a role as DNS server that send request to ISP DNS server and cache the information for later access. When DNS relay is disabled, the computer will pull information from ISP DNS server.”
Mind you, Glass does state that the dns ip’s belong to his ISP, so maybe his proxy is not using this method??