Windows 7 2 way FW Ephemeral Ports

Discussion in 'other firewalls' started by Escalader, Jun 23, 2010.

Thread Status:
Not open for further replies.
  1. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    This is drawn from Crazy.. in the excellent stickies at the top of this forum.

    My question is are these ports the same in Windows 7 FW 2 way ?

    If not what are the new values
     
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    Yes, they will be the same.

    see for correct answer below
     
    Last edited: Jun 23, 2010
  3. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    Actually, no. The default ephemeral range has been changed in Vista, see here.

    Try this on W7, I bet it's the same as Vista.
     
  4. weeNym

    weeNym Registered Member

    Joined:
    Jul 14, 2003
    Posts:
    19
    As the link in Seer's post mentions "The new default start port is 49152, and the default end port is 65535."
    Does the Windows 7 firewall allow for entering port ranges?
    Vista only appears to permit specifying a port or list of ports. A list from 49152 to 65535 would be a little cumbersome ;)

    weeNym
     
  5. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses

    I'll check this one out.

    BTW, some 3rd party FW's do not allow users to put in a condition for local ports so we should use this security feature as one of our selection criteria for these products.

    The question to put to vendors is do you default to the windows x Ephemeral Ports or allow any port(s)?
     
  6. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    What do you mean? This screenshot is from W7 (sorry for the "ugliness", it is a VM) and the example (I pointed out) clearly states that ranges are supported -

    240610.png
     
  7. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses

    Nick::thumb:

    Thanks for that VM!

    Could you post a filled in one for IE or FF etc showing us what we need ephemeral wise?:D
    The tightening up on browsers is NB for FW's at least for me!

    If you are too busy don't worry about it just for me.
     
  8. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,047
    Location:
    United Surveillance States
    Thanks for posting the port range!
     
  9. weeNym

    weeNym Registered Member

    Joined:
    Jul 14, 2003
    Posts:
    19
    Not having Windows 7 I was simply asking if the Windows 7 firewall permits entering port ranges in the ports and protocols properties. ie. you wanted to enter the ephemeral port range in the local port for outbound rule.

    With Vista, you can only enter a port or list of ports. I doubt you would want to try and enter the ephemeral port range as a list.
    VistaFW_ports.jpg

    Your screenshot answers my question and indicates Windows 7 firewall will allow entering port ranges.

    weeNym
     
    Last edited: Jun 25, 2010
  10. weeNym

    weeNym Registered Member

    Joined:
    Jul 14, 2003
    Posts:
    19
    While I cannot do it with Vista, it would look like this:
    W7FW_ephemeral.jpg

    weeNym
     
  11. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    Oh, I see. I was not aware of that.
    After a little research on MS Technet, it turns out that Vista firewall will not filter port ranges even with netsh command parameters -

    Quote from here.

    Oh well.

    Cheers,
     
Loading...
Thread Status:
Not open for further replies.