Firefox listening on port 1441...is this normal?

Discussion in 'other firewalls' started by subzerox, Jan 26, 2006.

Thread Status:
Not open for further replies.
  1. subzerox

    subzerox Registered Member

    Joined:
    May 5, 2005
    Posts:
    35
    Like the title described is it normal that firefox listens on port 1441 TCP?

    Thanks in advance guys
     
  2. Itsme

    Itsme Registered Member

    Joined:
    Jan 31, 2004
    Posts:
    148
    Hi subzerox
    How do you notice that Firefox is listening to this port?
    Ciao
    Itsme
     
  3. subzerox

    subzerox Registered Member

    Joined:
    May 5, 2005
    Posts:
    35
    Zonealarm indicates this on the top right corner.
     
  4. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,097
    I either have established http connections or to 127.0.0.1 locally with ports 1026 and 1027, but none where firefox is listening.

    -- Tom
     
  5. subzerox

    subzerox Registered Member

    Joined:
    May 5, 2005
    Posts:
    35
    Now this sounds disturbing, i have unleashed all sorts of scans and nothing is being picked up.

    Fsecure
    Counterspy
    SSA anti-keylogger
    ewido
    Symantec online scan

    And nothing is being picked up.

    I would really like to know if i have something installed in the form of Malware?

    Is this port 1441 listening a normal occurence or what?
     
  6. manzz

    manzz Registered Member

    Joined:
    Oct 6, 2005
    Posts:
    55
    Firefox will try and listen on "localhost". It is listening for localhost loopback. Firefox on my system (at this time) is listening on localhost port 1187,(with outbound localhost port 1188 and inbound localhost 1187.)
     
  7. Brinn

    Brinn Registered Member

    Joined:
    Aug 5, 2004
    Posts:
    181
    Location:
    Canada
    Is it always using port 1441? A browser usually uses any port from 1024 up to 5000 or so.
     
  8. subzerox

    subzerox Registered Member

    Joined:
    May 5, 2005
    Posts:
    35
    I really don't know because i don't take notice at it actually untill yesterday when i explored the logs and stuff... and when i hovered over the firefox icon in the top right corner next to the lock icon together with generic host processor icon and such i noticed this message about port 1441.

    How can i tell if this is just a inbound or outbound localhost process?

    I hopefully can presume this is a innocent process?
     
  9. localhost

    localhost Guest

    If it's local host, it's harmless. Particularly firefox
     
  10. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,097
  11. manzz

    manzz Registered Member

    Joined:
    Oct 6, 2005
    Posts:
    55
    This is normal for firefox, as you have ZA you can give Firefox "server rights" in the "trusted zone" and make sure you have the "loopback adapter" as "trusted" (Firewall / zones). When you run firefox, place your mouse cursor over the firefox icon (top right in ZA) and it will show a balloon to say "listening on port **** in trusted zone only"
    This is how (with expert rules) I had firefox setup in ZA, and never any problems.
     
  12. subzerox

    subzerox Registered Member

    Joined:
    May 5, 2005
    Posts:
    35
    Thanks for your replis guys, i see now that the listening ports are changing frequently...probably nothing.
     
  13. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,046
    Location:
    The Netherlands
    But does anyone know why FF needs to be listening to a port? I have the same thing, it does not have "server access" on my system but it is listening to a random port in the "Trusted Zone". o_O
     
  14. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    As mentioned, firefox likes to use loopback, and will therefore "listen" on port for the inbound connection. You could place a rule to block outbound to localhost(127.0.0.1) which should stop this. Which firewall have you?
     
  15. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,046
    Location:
    The Netherlands
    Thanks for the feedback, but is there any reason why FF likes to do this? I mean none of the other browsers act this way. At first I thought it was perhaps related to one of the extensions. I use ZA Pro btw. Oh and since you seem to know about this stuff, my network entry type should not be in the "Trusted Zone" right? (This setting can be found in ZA´s firewall section.) o_O
     
  16. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    This is something firefox as always done. Whatever setting I have placed within firefox, it still attempts loopback.
    IE uses UDP for loopback
    It is firefox that performs the loopback, but you can block this
    If you are on a Lan (behind a router?) then ZA will pick this up and place into the Zones. It is your option if you want this as trusted or internet. Some place this as trusted so that comms can easily be made to/from other PC`s on the network (file sharing). The main problem that can arrise from placing the Lan into the "internet zone" is the possibility that comms such as DHCP could be blocked, which can cause loss of connection.
     
  17. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    The reason that Firefox creates a loopback connection to itself is apparently due to its Password Manager feature. If you don't use this, you can just block the connection.
     
  18. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,046
    Location:
    The Netherlands
    I´m not on a LAN, currently 2 things are put in the Trusted Zone: my loopback adapter (entry type: IP address) and the XX.XX.XXX.XXX/255.255.255.255 "zone" (entry type: Network), is this normal? I have tried to place it into the "Internet Zone", but it keeps switching back. Obviously I´m not an expert when it comes to this.

    Funny enough FF is blocked from having server access by ZA (trusted and internetzone) but it keeps listening. But Neoava Guard is able to block it. :rolleyes:
     
  19. unhappy_viewer

    unhappy_viewer Registered Member

    Joined:
    Sep 16, 2005
    Posts:
    259
    Don't get to hung up on the status by looking at the top right icons. As long as you set ZA not to give server rights, you are fine. Those icon don't update their status often. A more accurate way to see if Firefox is still listening is to use the netstat command.
     
  20. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,046
    Location:
    The Netherlands
    I´m not so sure about this because when I block "server access" with Neoava, the icon changes in ZA´s status area.
     
  21. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,046
    Location:
    The Netherlands
    Btw, you know what I don´t understand, if I block Maxthon v2 from having "server access", ZA Pro tells me that Maxthon is blocked from listing to port 10000, but in reality it is not blocked at all, because the Ad Hunter feature (who needs port 10000) is still working. However Neoava Guard is able to correctly block this, so is this a bug in ZA or what? :rolleyes:
     
Loading...
Thread Status:
Not open for further replies.