Re: Controlling Outbound Ports
- From: v-kzhao@xxxxxxxxxxxxxxxxxxxx ("Ken Zhao [MSFT]")
- Date: Wed, 03 Oct 2007 06:00:37 GMT
I think you may need some third party port monitor utilities to do this.
Thanks & Regards,
Ken Zhao
Microsoft Online Support
Microsoft Global Technical Support Center
Get Secure! - www.microsoft.com/security <http://www.microsoft.com/security>
====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Thread-Topic: Controlling Outbound Ports
| thread-index: AcgFMOs3ybU/xPWrQGuY08kL5NlYnA==
| X-WBNR-Posting-Host: 207.46.192.207
| From: =?Utf-8?B?QmFib29u?= <baboon@xxxxxxxxxxxxxx>
| References: <1E57805F-89F1-4CCB-8806-766E19EE5CF5@xxxxxxxxxxxxx>
<OnXZZmEBIHA.5328@xxxxxxxxxxxxxxxxxxxx>
<F332820E-8982-4AD2-AA8E-5C7D913746A7@xxxxxxxxxxxxx>
<Od0X9DHBIHA.3848@xxxxxxxxxxxxxxxxxxxx>
<OKPIHLHBIHA.324@xxxxxxxxxxxxxxxxxxxx>
<8B4945A2-610D-4F75-86A2-B25F3516B58E@xxxxxxxxxxxxx>
<#CGebiPBIHA.5868@xxxxxxxxxxxxxxxxxxxx>
| Subject: Re: Controlling Outbound Ports
| Date: Tue, 2 Oct 2007 13:15:04 -0700
| Lines: 106
| Message-ID: <555DE525-442A-46CA-A2AD-46EDB9D992B8@xxxxxxxxxxxxx>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2929
| Newsgroups: microsoft.public.windows.server.networking
| Path: TK2MSFTNGHUB02.phx.gbl
| Xref: TK2MSFTNGHUB02.phx.gbl
microsoft.public.windows.server.networking:7818
| NNTP-Posting-Host: tk2msftibfm01.phx.gbl 10.40.244.149
| X-Tomcat-NG: microsoft.public.windows.server.networking
|
| No, not the Univ of Ill., but close. We are a major higher ed
institution.
|
| There is only one website that we know of that is causing us this
problem,
| and it's www.springerlink.com. I can't give out the IP address range of
our
| machines in a public forum such as this.
|
| Being that we are so disjointed here in our IT department, I didn't know
| that there is a proxy server on our network that can be used if desired.
If
| I use the proxy, I am able to connect to the web site from XP. I know
| nothing about the platform of the proxy, but it is accessed by typing a
URL
| as such:
| http://proxy.xxxxx.edu/login?url=http://www.springerlink.com/home/main.mpx
|
| So we have a workaround, but nobody has solved the problem yet.
|
| At this point, I am not asking for help (though it certainly is
welcomed),
| but I figure I have your interest so I'm just keeping you informed in
that
| case.
|
| Thanks.
|
| "Phillip Windell" wrote:
|
| >
| > "Baboon" <baboon@xxxxxxxxxxxxxx> wrote in message
| > news:8B4945A2-610D-4F75-86A2-B25F3516B58E@xxxxxxxxxxxxxxxx
| >
| > > I can tell you that although I am in the habit of referring to our
| > > "firewall", it's really just an ACL on our internet router and we
have
| > > public
| > > IP addresses on the internal network, so no NAT.
| >
| > Yes that would be the case. Actually Cisco in their material even
refers
| > to a Router as a Broadcast Firewall even when there is no ACLs. So if
you
| > run ACLs, then it is a NAT-less Firewall to me :-)
| >
| > This wouldn't happen to be U of I in Illinois would it?
| >
| > > I believe that means the
| > > connections are simply passing through to the Internet routers. But
you
| > > may
| > > be correct that the Web server at the other end is behind a firewall,
so
| > > the
| > > packets are probably being blocked somewhere on the way out.
| >
| > That could be,...but I really don't think the Source Ports are the
problem.
| >
| > > I misspoke slightly when I said XP machines only, as this also affects
| > > Windows 2000 and 2003 as well. We have tried machines that are not
part
| > > of
| > > our organization from our network via VPN and we can recreate the
problem.
| > > So it's not a configuration problem. It's not a browser problem, nor
a
| > > Java
| > > or other application problem. *If I telnet to port 80 on the web
server
| > > from
| > > XP, the connection also fails.* By now it seems you should be
convinced
| > > that
| > > the lower port theory is at least a plausible one.
| >
| > It isn't impossible, but *extremely* unlikely. The source ports are
| > considered "response traffic" to an already initiated connection. The
| > initial connection port (typically 80 for web sites) is what the Rule
| > Processing is based on and is what the whole thing of being "statefull"
is
| > all about and would apply to ACL seven if NAT wasn't used. Maybe the
Router
| > you have running the ACLs has a flaw in its "statefullness" and is
causing
| > the problem. You need to setup logging at that Router and see if it is
| > stopping anything. The Source Ports would never be the problem if a
device
| > operates according to Standards,...but if the Device has a flaw in its
| > OS,..that's another story.
| >
| > > I think you are probably correct that a utility with the capability
I'm
| > > looking for doesn't exist. My role is only to help prove the lower
port
| > > theory; the Network people are working on solving the problem.
Although I
| > > don't expect help with that, if someone comes up with an idea, then
great.
| >
| > What exactly are these "problem" web sites? It would be nice to not
work in
| > the dark. it would also be useful to know the IP range of the
workstations
| > having the problem.
| >
| > > When (if) this gets solved, I'll definitely post back here to let
folks
| > > know.
| >
| > Sounds good.
| >
| > --
| > Phillip Windell
| > www.wandtv.com
| >
| > The views expressed, are my own and not those of my employer, or
Microsoft,
| > or anyone else associated with me, including my cats.
| > -----------------------------------------------------
| > Understanding the ISA 2004 Access Rule Processing
| > http://www.isaserver.org/articles/ISA2004_AccessRules.html
| >
| > Troubleshooting Client Authentication on Access Rules in ISA Server 2004
| >
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6
cfa07/ts_rules.doc
| >
| > Microsoft Internet Security & Acceleration Server: Partners
| > http://www.microsoft.com/isaserver/partners/default.asp
| >
| > Microsoft ISA Server Partners: Partner Hardware Solutions
| >
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.ms
px
| > -----------------------------------------------------
| >
| >
| >
|
.
- References:
- Controlling Outbound Ports
- From: Baboon
- Re: Controlling Outbound Ports
- From: Phillip Windell
- Re: Controlling Outbound Ports
- From: Baboon
- Re: Controlling Outbound Ports
- From: Phillip Windell
- Re: Controlling Outbound Ports
- From: Phillip Windell
- Re: Controlling Outbound Ports
- From: Phillip Windell
- Re: Controlling Outbound Ports
- From: Baboon
- Controlling Outbound Ports
- Prev by Date: Re: Network Connectivity Problem
- Next by Date: Re: lost connection to network mapped drives
- Previous by thread: Re: Controlling Outbound Ports
- Next by thread: RE: Controlling Outbound Ports
- Index(es):
Relevant Pages
|
