Which ports does the internet need?

There's a guy living in a room in my parents house who seems to be
constantly downloading. I don't like the idea of that, I've told him
not to, but when his cable is plugged in, the lights are always going
nuts and it slows them down.
The router allows blocking or allowing of any number of tcp and/or udp
ports or to forward only certain traffic to specific machines.
I'd like to set it to BLOCK ALL and ALLOW ONLY the ports needed for
messaging, internet, mail...services like that.

The forums and support for their router aren't very helpful so I was
wondering if someone here could tell me a list of basic ports that the
internet/chat requires to run. Or, indeed, whether I could somehow
find out what ports were being used for legit stuff, bearing in mind
that the traffic doesn't go through my parents machine - the router
feeds them and him directly, as it were (ie: not ics).

"digitaltoast" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
> There's a guy living in a room in my parents house who seems to be
> constantly downloading. I don't like the idea of that, I've told him
> not to, but when his cable is plugged in, the lights are always going
> nuts and it slows them down.
> The router allows blocking or allowing of any number of tcp and/or udp
> ports or to forward only certain traffic to specific machines.
> I'd like to set it to BLOCK ALL and ALLOW ONLY the ports needed for
> messaging, internet, mail...services like that.
>
> The forums and support for their router aren't very helpful so I was
> wondering if someone here could tell me a list of basic ports that the
> internet/chat requires to run. Or, indeed, whether I could somehow
> find out what ports were being used for legit stuff, bearing in mind
> that the traffic doesn't go through my parents machine - the router
> feeds them and him directly, as it were (ie: not ics).
>

You may find that this may be impossible to block all ports and just allow
http pages, as you can configure thinks like newsgroups to download from
port 80 (http).

What might be a better solution would be to restrict the allowed download
limit of each person, possibly linked to MAC address/IP address. Certain
routers can be configured to allow a defined amount of data to be downloaded
to a particular computer.

If the router doesn't allow this to be configured, and you are an IT-savvy
person, you could place an old PC between his PC and the router (with two
network cards) and install IPCOP on it. This will allow you to configure
download limits, set time limits and also log websites visited.

Also, have your parents set up some kind of guidelines with the person
living there with regard to internet useage? Does he pay for his part of
the broadband charges?

> There's a guy living in a room in my parents house who seems to be
> constantly downloading. I don't like the idea of that, I've told him
> not to, but when his cable is plugged in, the lights are always going
> nuts and it slows them down.
> The router allows blocking or allowing of any number of tcp and/or udp
> ports or to forward only certain traffic to specific machines.
> I'd like to set it to BLOCK ALL and ALLOW ONLY the ports needed for
> messaging, internet, mail...services like that.

The first thing to do might be to ask a couple of basic questions:

1) Does he have (or can he get) physical access to the router ?
2) Is it in the tenancy agreement that he can use the broadband* ?
3) Do you know what apps he's using ?

*if not, just pull it !

The first thing I think i'd do would be to check the status pages of the
router to find out just what his usage pattern is - just so you have an
idea what he's up to. You may also be able to set limits for his
specific MAC code within the router, or restrict it to certain times.

Reset the router password if it's as the default configuration - this
may get messy if he can get physical access, as he may be able to reset
this - but that in itself might be a way to remove him as a tenant.

Some file-sharing apps can work around different protection methods by
use of different protocols etc.

Common ports are listed all over the place, but it would take seconds to
change the port used for file sharing to one that has been allowed.

http://www.iss.net/security_center/a...xploits/Ports/

digitaltoast wrote:

> There's a guy living in a room in my parents house who seems to be
> constantly downloading. I don't like the idea of that, I've told him
> not to, but when his cable is plugged in, the lights are always going
> nuts and it slows them down.

When you say 'When his cable is plugged in' what exactly do you mean, is
this a physical cable that he 'plugs in' or are you referring to a WiFi
connection.

Routers are evolving, many of the newer ones allow port throttling which
will slow down heavy users without affecting other router ports.

If the broadband connection is a facility your parents want to continue
sharing with a tenant then perhaps a newer one may be the way to go.

Geoff Lane

On 27 Mar 2007 00:46:11 -0700, "digitaltoast" <(E-Mail Removed)>
mused:

>There's a guy living in a room in my parents house who seems to be
>constantly downloading. I don't like the idea of that, I've told him
>not to, but when his cable is plugged in, the lights are always going
>nuts and it slows them down.
>The router allows blocking or allowing of any number of tcp and/or udp
>ports or to forward only certain traffic to specific machines.
>I'd like to set it to BLOCK ALL and ALLOW ONLY the ports needed for
>messaging, internet, mail...services like that.
>
>The forums and support for their router aren't very helpful so I was
>wondering if someone here could tell me a list of basic ports that the
>internet/chat requires to run. Or, indeed, whether I could somehow
>find out what ports were being used for legit stuff, bearing in mind
>that the traffic doesn't go through my parents machine - the router
>feeds them and him directly, as it were (ie: not ics).

I'd just unplug his cable, tell him he's taking the piss now. If he's
not hapy he can fuck off.

Or, as others have said, depending on what router you have port
throttling might be an option, but I would just not let the yoghurt
use the internet. There are plenty of decent lodgers out there who
don't even have computers!
--
Regards,
Stuart.

On 27 Mar 2007 00:46:11 -0700, "digitaltoast" <(E-Mail Removed)>
wrote:

>There's a guy living in a room in my parents house who seems to be
>constantly downloading. I don't like the idea of that, I've told him
>not to, but when his cable is plugged in, the lights are always going
>nuts and it slows them down.
Does he have physical access to the router? - could he mess around
with it?


>The router allows blocking or allowing of any number of tcp and/or udp
>ports or to forward only certain traffic to specific machines.

Can you post the Make and Model of the router?


Regards
Steve

On 27 Mar 2007 00:46:11 -0700, in uk.telecom.broadband ,
"digitaltoast" <(E-Mail Removed)> wrote:

>There's a guy living in a room in my parents house who seems to be
>constantly downloading. I don't like the idea of that, I've told him
>not to, but when his cable is plugged in, the lights are always going
>nuts and it slows them down.

The lights going nuts simply means that he's using the net. Its not a
measure of traffic vols. Also his pc may be riddled w/ spyware and
adware phoning home. Maybe he's actually a victim here....

>The router allows blocking or allowing of any number of tcp and/or udp
>ports or to forward only certain traffic to specific machines.
>I'd like to set it to BLOCK ALL and ALLOW ONLY the ports needed for
>messaging, internet, mail...services like that.

You could block everything except 80, 81, 8000 and 25, and someone
could still spend all day downloading. Most P2P s/w can be configured
to use different ports, while many download sites operate using port
80 anyway.

If the router has some traffic management features, investigate them.
If not, consider a new router.

And remember it depends on the lodger agreement (your parents /did/
draw one up didn't they? its a legal requirement these days). Our
lodger's agreement says they can use the internet but must abide by my
ISP's AUP and T&C, and may not run any p2p software, or otherwise
degrade browsing experience for the family.
--
Mark McIntyre

On Mar 27, 11:00 pm, Mark McIntyre <markmcint...@spamcop.net> wrote:
> On 27 Mar 2007 00:46:11 -0700, in uk.telecom.broadband ,
>
> "digitaltoast" <digitalto...@gmail.com> wrote:
> >There's a guy living in a room in my parents house who seems to be
> >constantly downloading. I don't like the idea of that, I've told him
> >not to, but when his cable is plugged in, the lights are always going
> >nuts and it slows them down.
>
> The lights going nuts simply means that he's using the net. Its not a
> measure of traffic vols.

Hmmm - when cable is plugged in, lights go nuts and the link slows to
modem speeds.
Normal pc use doesn't make the lights go nuts. I thought it "blink"
was a packet? That's what the manual seems to suggest.

> Also his pc may be riddled w/ spyware and
> adware phoning home. Maybe he's actually a victim here....

Tosser more like - I have no sympathy with people with spyware. If he
does, I've a good mind to take my laptop along next time I visit and
hack him

> >The router allows blocking or allowing of any number of tcp and/or udp
> >ports or to forward only certain traffic to specific machines.
> >I'd like to set it to BLOCK ALL and ALLOW ONLY the ports needed for
> >messaging, internet, mail...services like that.
>
> You could block everything except 80, 81, 8000 and 25,

Ah, so that's what the basic internet needs, is it? We tried just 80
and DNS and that didn't work.

> and someone
> could still spend all day downloading. Most P2P s/w can be configured
> to use different ports, while many download sites operate using port
> 80 anyway.

Yeah, but I'm not actually sure he's bright enough to do the port
change himself...

> If the router has some traffic management features, investigate them.
> If not, consider a new router.

It's only a couple of months old! It can block or allow incoming or
outgoing UDP on any port or range. I thought that would be enough.

> And remember it depends on the lodger agreement (your parents /did/
> draw one up didn't they? its a legal requirement these days). Our
> lodger's agreement says they can use the internet but must abide by my
> ISP's AUP and T&C, and may not run any p2p software, or otherwise
> degrade browsing experience for the family.

Yes, they did and it does say no p2p. And apparently he says he's not.
They can't accuse him of doing something they can't prove - but the
broadband usage was part of the rental agreement. I think I might
suggest they give him a very small discount and make him get his own
NOW wireless or something.