uTorrent & Ports 25, 50, 53, 80, 222, 443

I have a few ports in question that are being used in tandem with uTorrent and I’m a little concerned with some of the ports in question. If possible I would like it if you guys could fill me in on what I don’t know.

So here are the ports in question:
[IN]
Source Port
TCP - 50
UDP - 80, 222, 443

[OUT]
Destination Port
TCP - 53, 80
UDP - 25, 53, 80

25 : SMTP - You guys should know what this is
50 : re-mail-ck - Remote Mail Checking Protocol
53 : Gets DNS addresses when not behind a router*
80 : HTTP - Supposedly happens when the search bar is used**
222 : rsh-spx - Why is a port typically used for a remote shell being used with uTorrent?
443 : HTTPS - Again why is uTorrent using this?

*Thing is, I am behind a router so why is that port being fired on my logs?
**Not. I just tested it and I got no such port in my log. So what is it being used for really?

Okay, so some of these ports sound like they are supposed to be. However, I’m behind a router so why is port 53 being used? My test of port 80 with the search bar in uTorrent yielded negative results so what exactly is uTorrent using that port for anyway? And then there is the rest of that mess. Can someone please explain all of these ports for me? They don’t seem to be randomly used ports because those are the only double and triple digit ports I’ve seen in my logs for uTorrent ever. (well actually I saw port 1 as well but I’m not mentioning it because I didn’t document it, sorry, if you have info on that as well that would be great.)

IANA Port list.

Firewall Tutorial for Utorrent with Comodo Internet Security.

Eric can you help me with this IP real fast i don’t think it should take along time

https://forums.comodo.com/firewall-help-cis/what-t63350.0.html

This is the simple Rule that work for opening ports in uTorrent:

Action = Allow
Protocol = TCP or UDP
Direction = In
Source Address = Any
Destination Address = Any
Source port = Any
Destination port = A Single Port then the port of utorrent

Enjoy :-TU

Lol [at] Joey, your butting in actually helped me. I can use that thread to help me out later.

I’ve read the IANA Port List and I’m still reading through all 22 of those pages. I’m actually trying to put together better rules but what with all the confusion and posts everywhere and incomplete data its hard to compile an actually accurate and acceptably secure rule set. Ive been looking over other posts that have to do with uTorrent on this board and trying to compile all of the data I can. I’m missing a lot. Such as those ports. I’ll read Panlouk’s thread in a few minutes I’m almost to his thread in my list. (I’m still researching ICMP at the moment)

Oh and Jovan, did you even read my OP?

My personal experience with Utorrent (after a lot of experiments) and the simplest set of rules:

Allow/TCP and UDP in/the port Utorrent uses
Allow/TCP and UDP out/any port
Block/IP in and out.

And let’s remember that Utorrent (as Vuze and others) do their own filtering. Any connection attempt that isn’t related to the download in question will be blocked.

did you even read my OP?

oops, I’ve read it now.
Can you check if IPv6/Teredo is enabled in your Utorrent (Preferences/General)?

I’m using Windows 7 64 bit so I already have IPv6. No tunnel obviously. However, for accuracy’s sake I have it disabled except to the loopback on my rig.

Also I want to say that I have 7 rules so far that are the best and leave the least space open for attack. So far they are better than the Pandlouk and Ragwings rules. However I’m still researching and I havent even finished with the ICMP rules yet. I’m excited about releasing them to everyone lol.

Did you check if Windows FW is off?

Yeah, Windows Firewall is off. How would Windows FW fire any of those ports though?

Also I just found out that there are several UDP trackers that use port 80 (Strange that there are only a few that use privileged ports and the only privileged port used is port 80 [atleast that I have found]. I’ll have to add that renegade exception to my rules.) Anyway, that explains the mystery use of port 80.

EDIT: Wait has anyone got a TCP with port 80?

How would Windows FW fire any of those ports though?

There's a love triangle between Windows FW/Utorrent/Teredo. Either with Vista or 7. Some time ago I lost 3 hours on the phone with My ISP just to find out that if I install Utorrent with Windows FW on it will chose some settings (Utorrent); but if I install it with Comodo or OA it will chose others. And that would affect my router as well. So, your situation could be this or that or... whatever. Good luck.

Okay, so here is an update to the list of Privileged port usage in reference to uTorrent. I’m going to explain a few things and if anyone would be so kind as to give me some feedback, correct me whatever that would be great.

[IN]
Source Port
TCP - 50
UDP - 0, 14, 21, 22, 23, 26, 59, 80, 82, 85, 105, 106,110, 113, 120, 123, 200, 222, 256, 333,411, 443, 563, 590, 591, 592, 666, 800, 990, 999, 1000, 1001, 1002, 1005

Destination Port
TCP - NA
UDP - NA

[OUT]
Source Port
TCP - 192
UDP - NA

Destination Port
TCP - 21, 23, 53, 59, 80, 113, 123, 556, 666, 900,
UDP - 21, 23, 24, 25, 53, 80, 113, 120, 123, 333, 443, 556, 591, 900,

All of this data has been gathered by me and the help of Wireshark and Comodo Firewall over the past week. Now, the strings of ports that are longer are most likely packet transfers propagated by trackers. The TCP Source port 50 is probably some idiot using port 50 as his or her listening port. The TCP Out Port 192 has thrown me for a loop. I want to say its human error and I just read it wrong but i was pretty sure of myself at the time so I’m not exactly sure. I’ll just call it an outlier for now and if I see it again I’ll reconsider it’s validity. I don’t know what everyone else does with uTorrent when it comes to non privileged ports but obviously there is some serious traffic going on with those ports. At the risk of jumping the gun I’m getting closer and closer to believing that it will hinder your speed and connectability if you you block these ports.

Again, if anyone can verify this, give input, correct me, or even provide more privileged ports they’ve documented usage of That would be great.

[at]SG65: Since I don’t have WFW on and I don’t have Teredo I don’t think that’s the issue.

I made no special rules for uTorrent. I just have the port forwarded in my router and the only thing the Firewall asked was to allow incoming connection which I allowed and everything is fine. I just use the default installation of the firewall and never run the ports wizard since it defaults to the second option anyway. I couldn’t care less about what other ports are used.

[attachment deleted by admin]

I’m one of the paranoid ones. I dont like applications having free reign over my network. I like to actually know what the application is doing as well. Not just know that it’s using a certain port or protocol.

I like to know what the strangers are doing in my house and what they are doing. You know?

Your house is a different story. When it comes to my computer I want the applications I choose to use to be able to do everything they need to do to work correctly without being alerted to it all. Transparent security I think they call it. It’s up to the writers of the security apps to know about all that stuff and protect me from the baddies. That’s their job. I don’t need or even want to know about the details.

Laughs.
That goes quite well with Torrent Clients. They do a very good job of making sure no connections are allowed if not related to the file in question.
If after you open the file you find it’s infected that’s another story.

I find this absolutely fascinating.
In what sense of the word I won’t disclose.

Avast! AV has a P2P shield that checks each piece of a torrent download as it is created on your HD. If it finds anything, which would most likely be in piece number one, it takes care of it very nicely.

I really don’t trust that type of scanning torrents.
If I wasn’t sure of a file I would rather download it inside Sandboxie. Then scan it with MBAM and HitmanPro.

I allowed UDP in/out from utorrent port to port 80 and it and the trackers using it still kept getting blocked (even after restarting and reassigning uT to the predefined policy).