Can Gnutella be blocked by an ISP?

You're quite correct. The inbound connection will be made through any private port. This whole conversation was just some unregistered user claiming there was something that made ports 2000 & 4000 special or unblockable.

I have one disagreement, though. While port 80 will never be blocked, having Gnutella clients all running on that port isn't such a good idea. First, because so many are already using that port for HTTP. Second, because it would be very hard to differentiate between Gnutella servers and HTTP servers. At least with port 5190, it's easy to tell the difference if the port is used for AIM or Gnutella, and there wouldn't be a lot of false positives when scanning for hosts.

As far as FTP... Passive mode is as functional as non-passive mode, so I wouldn't suspect ISPs would be opposed to blocking anything unused above 1023.


One minor correction, the range includes 1024 as well.
 
Perfectly true - but actually that was kind of what I was thinking. ;0) It would look much more like normal traffic to the ISP. As far as false positives go, most Gnutella peers wouldn't have much of a problem. Since a web server wouldn't send the Gnutella connect string, the connection would just be dropped (actually probably quicker than if it timed out connecting to a stealthed port or dead IP address). Also, downloading in Gnutella basically acts like a web server anyway. Many of the peers now even return a web page if you connect with a browser.



No problem behind a company firewall, but too many Internet doo-dads have built-in FTP for one thing or another that defaults to active (though I'll admit I don't understand why passive isn't universal yet). ISPs would be reluctant to block it because they'd probably get complaints that people's Budweiser frog news ticker and bass report weren't working.

Actually, on second thought, we should be thanking our lucky stars for active FTP, pain that it is, just because it makes it harder for an ISP to justify banning all incoming connections. In fact, it would probably be a good idea for programmers to make as many pointless, gimmicky apps with AOL appeal as possible use incoming connections! ;-)



Right, I messed up there!
 
I read an article in CNET mentioning that the RIAA is talking to ISPs to shut down Napster-like services, specifically OpenNap, in the US and abroad. They suggest that Gnutella is next on their list. I'm fairly technical, but I do not know if Gnutella can be shut down/blocked through an ISP. Although I don't really get MP3s, this highly concerns me since I use Gnutella a lot to obtain information on different topics.

The link is http://news.cnet.com/news/0-1005-200-4925360.html

Is this true? What are your thoughts?
 
Well, they could of course block the standard Gnutella port.
But as most, if not all, servents are configurable in that respect, it would only be a matter of time (days, at most weeks) until the community has agreed to use a different standard port.
And the ISPs can't just continue closing the new ports, as this would hinder the normal web surfers, too.
 
Right now most people use port 6346. If this port is blocked for you, you won't be able to download from people using that port. However, you can use any port you like...

Port 5190 or 8080 should be the standard, as they are rarely used, but are used enough that they wouldn't be blocked. 5190 is the port AOL's Instant Messenger and ICQ use.

Also, an ISP that blocks all incoming connections would severely limit the functionality of any type of server, but that's very unlikely to happen.
 
Browsers use ports in the 2000 and 4000 number range for connections BACK from the server sometimes, so you could use them as they would probably not be blocked.

An ISP guy told me that is too lame a way and it's easier for them to throttle you; then you don't get all upset, you just get crappy bandwidth, and you can't complain because what you are doing is against the ISP's rules, so everyone is happy.

So when you see your speed drop down, you probably know what is going on. If it's 56k dial up, don't worry about it, no one cares.

The problem is with the ISPs. If your ISP caves in to this crap without a court-ordered warrant, drop their asses and get a new one that day. Then post everywhere and give that ISP bad PR; they will get the message real fast.

Go get a free ISP and really stick it to them; get several so you have as many hours as you want. Get an extra line and run Gnutella 24/7 and really show off!

The RIAA depends on wimps that don't know the law to get their way. Know your rights, raise hell about anyone that tries to violate your rights, and you will be OK.
 
Originally posted by Informant:
"Browsers use ports in the 2000 and 4000 number range for connections BACK from the server sometimes, so you could use them as they would probably not be blocked."

Do you know nothing about TCP/IP and port blocking? Your web browser creates a connection from localhost:2000 or somesuch to www.remotehost.com:80 to use the web. Connections with a remote port of 2000 could be blocked while connections coming from port 2000 could still be allowed to run. Firewalls would really disrupt connections to the Internet if this were not the case.
 
There are already filters that watch packet content for several applications, so this would most likely exist for Gnutella as well. Read some other posts on this forum for examples. Ports are just the easiest way to block stuff like this; however, if an ISP decides to filter the data then there is not a lot that can be done about it, except maybe open an SSH connection... which would not be hard either for an ISP to see.

If an ISP wants to block Gnutella, it can do so very effectively... Will they? I doubt it.

Tam
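An added example (not code from anyone in this thread) of the two filtering styles the thread has been contrasting: the cheap destination-port block, and a content filter of the kind this post says already exists for other applications. It also illustrates the earlier point that a web server never sends the Gnutella connect string, while a Gnutella download is ordinary HTTP and can only be told apart by its URI. The handshake strings ("GNUTELLA CONNECT/0.4", "GNUTELLA OK", "GNUTELLA CONNECT/0.6", "GNUTELLA/0.6 200 OK") and the "/get/" download path are the real protocol's; the sample flows, the 6346 block rule and the host names are constructed for the example.

```python
import re

# Gnutella 0.4 and 0.6 handshake openers, and the HTTP request line that
# Gnutella file downloads use ("GET /get/<index>/<name> HTTP/1.0").
GNUTELLA_HANDSHAKE = re.compile(rb"^GNUTELLA( CONNECT/0\.[46]| OK|/0\.6 \d{3})")
HTTP_REQUEST = re.compile(rb"^(GET|HEAD|POST) (\S+) HTTP/1\.[01]\r\n")
GNUTELLA_DOWNLOAD_PATH = re.compile(rb"^/(get|uri-res)/")


def classify(payload: bytes) -> str:
    """Label a TCP stream by its first bytes alone; the port is never consulted."""
    head = payload[:128]
    if GNUTELLA_HANDSHAKE.match(head):
        return "gnutella-handshake"
    m = HTTP_REQUEST.match(head)
    if m:
        # A Gnutella download is plain HTTP; only the URI shape gives it away.
        if GNUTELLA_DOWNLOAD_PATH.match(m.group(2)):
            return "gnutella-download"
        return "http"
    return "other"


def port_filter_allows(dst_port: int) -> bool:
    """The cheap ISP option discussed in the thread: drop by destination port only
    (6346 is the default Gnutella port; the rule itself is an assumption)."""
    return dst_port != 6346


def content_filter_allows(payload: bytes) -> bool:
    """The payload-aware option: drop anything whose first bytes look like Gnutella."""
    return not classify(payload).startswith("gnutella")


def evaluate(flows):
    """For each (label, dst_port, first_bytes) return (port filter, content filter) decisions."""
    return {label: (port_filter_allows(port), content_filter_allows(data))
            for label, port, data in flows}


# Constructed sample flows (hypothetical, not captures from the thread).
SAMPLE_FLOWS = [
    ("gnutella on default port", 6346, b"GNUTELLA CONNECT/0.4\n\n"),
    ("gnutella moved to 8080", 8080, b"GNUTELLA CONNECT/0.6\r\nUser-Agent: Example/1.0\r\n\r\n"),
    ("gnutella download on 80", 80, b"GET /get/42/song.mp3 HTTP/1.0\r\nHost: 10.0.0.5\r\n\r\n"),
    ("web browsing on 8080", 8080, b"GET /index.html HTTP/1.0\r\nHost: www.example.com\r\n\r\n"),
    ("web server probed by a servent", 80, b"GNUTELLA CONNECT/0.4\n\n"),
]

if __name__ == "__main__":
    for label, (by_port, by_content) in evaluate(SAMPLE_FLOWS).items():
        print(f"{label:32s} port-filter={'pass' if by_port else 'DROP':4s} "
              f"content-filter={'pass' if by_content else 'DROP'}")
```

Moving the servent from 6346 to 8080 defeats the port filter and nothing else; the content filter catches the handshake on any port, and catches the download only because it matches the "/get/" URI, which is exactly why a client speaking plain HTTP on port 80 is the harder case the earlier posts were worried about.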
 
I've got to say, I'm a Cisco-certified network technician and I've got no idea what you're talking about... A browser uses the ports each protocol uses. So for web browsing, *only* port 80 is used. For FTP, port 23, etc.

This port 2000 & 4000 stuff is nonsense and I've no clue where you got that idea from.
 
Maybe it's time to stop reading books from Barnes and Noble and try some real-world stuff like monitoring some TCP packets. Certification only means you kissed some corporate *** so you could try to get more $$; anyone can pass a written test if they can memorize stuff.
Sorry, but this certification stuff upsets me because I know some boneheads that mess things up real bad and have "certification", and then I have to go fix it. They do pay me the bigger bucks, though, but it still upsets me that I go and fix this simple stuff.
Port 80 is on the server side, not the client. That's not in your book now, is it?
 
netstat -an, partly cut/pasted:

TCP 192.168.0.25:2427 66.28.32.107:80 TIME_WAIT
TCP 192.168.0.25:2433 216.239.35.119:80 ESTABLISHED

Looks to me as if they are in the 2000-4000 range... but this is not guaranteed to be so. Oh well...
 
It's the outgoing port. If I were to block 2433 and 2427, I'd still get a connection to port 80 on the remote machine. I think that was the point later on the discussion (although quite unrelated to the initial topic I must say).

-- Mike
 
It doesn't matter what you think you know... Most firewalls do block everything but the common ports: 80, 23, etc., not leaving either of the ports you mention open, with no problems at all.

I agree with you that certification doesn't mean much, but I do know what I'm talking about as I set up firewalls, routers, and so forth. Always only leaving open the public ports, and a few private ones for AIM and the like.

My current firewall settings... Notice no open 2000 or 4000.

Starting nmap V. 2.53 by [email protected] ( www.insecure.org/nmap/ )
Interesting ports on (10.150.10.64):
(The 1499 ports scanned but not shown below are in state: filtered)
Port State Service
21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
25/tcp open smtp
43/tcp open whois
53/tcp open domain
70/tcp open gopher
80/tcp open http
109/tcp open pop-2
110/tcp open pop-3
119/tcp open nntp
441/tcp open decvms-sysmgt
442/tcp open cvc_hostd
443/tcp open https
554/tcp open rtsp
648/tcp open unknown
820/tcp open unknown
821/tcp open unknown
822/tcp open unknown
823/tcp open unknown
1080/tcp open socks
1433/tcp open ms-sql-s
5190/tcp open aol
8080/tcp open http-proxy
 
There it is, 8080, and your browser looks for that one or any open one, like in the 3000s or 2000s, that it can get when it needs it, unless you tell it to use a proxy; then you restrict it as to what to use.
Nice, you leave FTP open for me to hack in, and that mail server, nice! Thanks.
You are not serving HTTP docs, so why leave 80 open?
POP3 too, how nice for me.
Your firewall is set up for a server; you'd better quit that crap. Who said to do that? Do these people you work for know you are doing it that way?
I was hoping you would find out for yourself, but I will spell it out: go get on a Linux box, dial in (no firewall, please), start Netscape, browse for a while, open a shell, type "netstat -n", and post the first few lines here for us and tell us all about it. Think before you type, please!
Linux is a firewall, so you don't need one. Windows is the only reason for a firewall, because it stinks as a real OS, or you may want one just if you are paranoid.
Glad you are learning, but remember you will never know it all. Read the man page on netstat and show us what you can do with it.
 
You can configure your firewall to block or allow both ways,

ie:

add allow all from 10.0.0.150 2000 to 10.0.0.151 80
add deny all from any to any

This would only allow a socket connection to port 80 on 10.0.0.151 if 10.0.0.150 actually bound its socket to port 2000.

Anyway, it's a moot discussion. It's more fun to squabble about protocols.
 
You really need to calm down... The firewall is set up to accommodate several hundred servers and thousands of workstations. Is that a good enough answer for you? FTP, HTTP, SSL, and POP3 are open because they need to be open. You take me for an idiot, and that's only your first mistake. Besides, from what I've heard from you so far, you sound like you couldn't break into even a Windows box, with or without any firewall.

I am not a Windows user; on 90% of my own machines I'm running OpenBSD 2.8, while I only have one Windows NT 4 box I access over VNC and a couple of Slackware Linux 7.1 (and one 3.3) boxes.

If you'd like the output of netstat, fine, but I think this discussion wouldn't go anywhere. My own system, with netstat, tcpdump, snort, and so forth, doesn't report a single port 2000-5000 being used at all, so I renew my original statement.

And perhaps you will take your own advice.
 
So... I tried to read it all, and I'm still clueless.
I'm behind a firewall; Messenger, ICQ, and Y! work fine, maybe they are using port 80 or 21... I don't know.

LimeWire can't connect automatically; will I be able to use it by connecting to another server/port, or had I better give up, uninstall it and forget all about this?

Thanks
 
Every connection has TWO endpoints - a source and a destination. While it's true your browser usually connects to web servers on port 80 (though a server can run on any port), that's just the outbound endpoint. The local side of the TCP/IP connection will be on a random port above 1024.

A firewall can block all outbound packets except those to port 80 and web surfing will still work. However, try blocking all inbound packets except to port 80 and you'll be in trouble. "Stateful" firewalls keep track of the outbound connections and allow these inbound packets automatically. "Stateless" firewalls don't, so you have to leave these ranges open for inbound packets.

Also, FTP in particular requires inbound connections to higher ports when not in "passive" mode (making it unlikely for an ISP to block these ranges).

Actually, as long as you're not running a web server on your PC you could use 80 or some other common port for Gnutella - it'll work just as well and be very hard for an ISP to block.
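An added example (not code from anyone in this thread) that plays out the stateful-versus-stateless point above, using the local socket 192.168.0.25:2433 to 216.239.35.119:80 from the netstat output quoted earlier as the browser's connection. It also covers the earlier post's point that an ISP can block connections *to* port 2433 on your machine while your browser's connection *from* port 2433 keeps working. The Packet class, the two filters, the stranger addresses (203.0.113.x, RFC 5737 documentation space) and the choice of 6346 as the served port are all constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    syn: bool = False   # True for the first packet of a new connection


ME = "192.168.0.25"    # the local address from the netstat output quoted above


def stateless_inbound_allowed(pkt: Packet, served_ports: set) -> bool:
    """A stateless filter judges each inbound packet on its own header.
    It cannot tell a reply to our browser from an unsolicited connection,
    so the only knob is which destination ports are open."""
    return pkt.dst_port in served_ports


class StatefulFilter:
    """Remembers connections we initiated so their replies are admitted
    without opening the whole ephemeral range to strangers."""

    def __init__(self, served_ports: set):
        self.served = set(served_ports)
        self.flows = set()          # (src_ip, src_port, dst_ip, dst_port) we started

    def outbound(self, pkt: Packet) -> bool:
        self.flows.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
        return True

    def inbound(self, pkt: Packet) -> bool:
        reverse = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if reverse in self.flows:
            return True                                  # reply to something we started
        return pkt.syn and pkt.dst_port in self.served   # new connection to a port we serve


def run_scenario(served_ports: set) -> dict:
    """Inbound decisions for both filter types, given the ports we intend to serve."""
    browser_out = Packet(ME, 2433, "216.239.35.119", 80, syn=True)   # our browser, from the netstat
    web_reply = Packet("216.239.35.119", 80, ME, 2433)                 # the web server answering us
    probe_2433 = Packet("203.0.113.7", 40000, ME, 2433, syn=True)      # a stranger hitting our ephemeral port
    gnutella_in = Packet("203.0.113.9", 51000, ME, 6346, syn=True)     # another servent connecting to us

    stateful = StatefulFilter(served_ports)
    stateful.outbound(browser_out)
    cases = {"web_reply": web_reply, "probe_2433": probe_2433, "gnutella_6346": gnutella_in}
    return {
        "stateless": {k: stateless_inbound_allowed(p, served_ports) for k, p in cases.items()},
        "stateful": {k: stateful.inbound(p) for k, p in cases.items()},
    }


if __name__ == "__main__":
    print("serve only 6346:              ", run_scenario({6346}))
    print("serve 6346 and all high ports:", run_scenario(set(range(1024, 65536))))
```

With only 6346 open, the stateless filter kills the web reply to port 2433 (browsing breaks) while the stateful one admits it and still rejects the stranger's probe of 2433; opening the whole high range makes browsing work through the stateless filter at the price of letting that probe through as well. Real stateless filters usually soften this by admitting inbound packets with the ACK flag set ("established" in Cisco ACL terms), which is why the thread's "most firewalls block everything but the common ports" and "you have to leave those ranges open" can both be true.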
 