Discussion in 'other firewalls' started by subzerox, Jan 26, 2006.
Like the title described is it normal that firefox listens on port 1441 TCP?
Thanks in advance guys
How do you notice that Firefox is listening to this port?
Zonealarm indicates this on the top right corner.
I either have established http connections or to 127.0.0.1 locally with ports 1026 and 1027, but none where firefox is listening.
Now this sounds disturbing, i have unleashed all sorts of scans and nothing is being picked up.
Symantec online scan
And nothing is being picked up.
I would really like to know if i have something installed in the form of Malware?
Is this port 1441 listening a normal occurence or what?
Firefox will try and listen on "localhost". It is listening for localhost loopback. Firefox on my system (at this time) is listening on localhost port 1187,(with outbound localhost port 1188 and inbound localhost 1187.)
Is it always using port 1441? A browser usually uses any port from 1024 up to 5000 or so.
I really don't know because i don't take notice at it actually untill yesterday when i explored the logs and stuff... and when i hovered over the firefox icon in the top right corner next to the lock icon together with generic host processor icon and such i noticed this message about port 1441.
How can i tell if this is just a inbound or outbound localhost process?
I hopefully can presume this is a innocent process?
If it's local host, it's harmless. Particularly firefox
I sometimes check with the Mozillazine forum support website for Firefox and post a message there to see what the Firefox gurus say about it.
This is normal for firefox, as you have ZA you can give Firefox "server rights" in the "trusted zone" and make sure you have the "loopback adapter" as "trusted" (Firewall / zones). When you run firefox, place your mouse cursor over the firefox icon (top right in ZA) and it will show a balloon to say "listening on port **** in trusted zone only"
This is how (with expert rules) I had firefox setup in ZA, and never any problems.
Thanks for your replis guys, i see now that the listening ports are changing frequently...probably nothing.
But does anyone know why FF needs to be listening to a port? I have the same thing, it does not have "server access" on my system but it is listening to a random port in the "Trusted Zone".
As mentioned, firefox likes to use loopback, and will therefore "listen" on port for the inbound connection. You could place a rule to block outbound to localhost(127.0.0.1) which should stop this. Which firewall have you?
Thanks for the feedback, but is there any reason why FF likes to do this? I mean none of the other browsers act this way. At first I thought it was perhaps related to one of the extensions. I use ZA Pro btw. Oh and since you seem to know about this stuff, my network entry type should not be in the "Trusted Zone" right? (This setting can be found in ZA´s firewall section.)
This is something firefox as always done. Whatever setting I have placed within firefox, it still attempts loopback.
IE uses UDP for loopback
It is firefox that performs the loopback, but you can block this
If you are on a Lan (behind a router?) then ZA will pick this up and place into the Zones. It is your option if you want this as trusted or internet. Some place this as trusted so that comms can easily be made to/from other PC`s on the network (file sharing). The main problem that can arrise from placing the Lan into the "internet zone" is the possibility that comms such as DHCP could be blocked, which can cause loss of connection.
The reason that Firefox creates a loopback connection to itself is apparently due to its Password Manager feature. If you don't use this, you can just block the connection.
I´m not on a LAN, currently 2 things are put in the Trusted Zone: my loopback adapter (entry type: IP address) and the XX.XX.XXX.XXX/255.255.255.255 "zone" (entry type: Network), is this normal? I have tried to place it into the "Internet Zone", but it keeps switching back. Obviously I´m not an expert when it comes to this.
Funny enough FF is blocked from having server access by ZA (trusted and internetzone) but it keeps listening. But Neoava Guard is able to block it.
Don't get to hung up on the status by looking at the top right icons. As long as you set ZA not to give server rights, you are fine. Those icon don't update their status often. A more accurate way to see if Firefox is still listening is to use the netstat command.
I´m not so sure about this because when I block "server access" with Neoava, the icon changes in ZA´s status area.
Btw, you know what I don´t understand, if I block Maxthon v2 from having "server access", ZA Pro tells me that Maxthon is blocked from listing to port 10000, but in reality it is not blocked at all, because the Ad Hunter feature (who needs port 10000) is still working. However Neoava Guard is able to correctly block this, so is this a bug in ZA or what?