Program closed and still have hits on UDP port 8466

aslo · **Joined:** Wed Mar 01, 2006 10:50 am **Posts:** 3

My firewall still indicates that various IP addresses are trying to gain access through port 8466. Any reason for this? I don't see the program open in my task manager.

dave martin · **Posted:** Wed Mar 01, 2006 11:40 am

Is this because you are showing up in peoples lists as being recently on line?
And then they are double clicking on your listing, their streamer is seeking the source but cant get it cos your ports closed due to you closing down.
I may be right, but its just a guess,
Dave.

aslo · **Joined:** Wed Mar 01, 2006 10:50 am **Posts:** 3

dave martin wrote:

Is this because you are showing up in peoples lists as being recently on line?
And then they are double clicking on your listing, their streamer is seeking the source but cant get it cos your ports closed due to you closing down.
I may be right, but its just a guess,
Dave.

Are you referring to an ip address that may show up? Why would they be double clicking on my listing? I'm not a broadcaster and the program was closed for over 30 minutes.

dave martin · **Posted:** Wed Mar 01, 2006 12:07 pm

Yes but you may have been a host for others.

darkone · **Posted:** Wed Mar 01, 2006 1:09 pm

you will get packets hitting port 8466 for a while, as EVERY streamer caches the IP addresses of all the other streamer clients on the network. Dont panic, its nothing sinister. (try clicking the -> and then click hosts.... see everyone else

)
It will just be the streamer clients working out if youre really alive or not. I suspect the packets are negligable in size and certainly pose no threat.

If you were running limewire long enough to get yer IP cached, you would see the same results on the limewire port.... Bittorrent also does this until the tracker decides youre not connected to it anymore......

KMeat · **Posted:** Wed Mar 01, 2006 9:53 pm

Pretty much what he said.

Thanks DarkOne!

aslo · **Joined:** Wed Mar 01, 2006 10:50 am **Posts:** 3

I see that Zone Alarm consistently blocks hits on UDP port 8466 even when the program is open. Is that supposed to be the case? Wouldn't it be a security risk to modify the firewall's internet zone to allow incoming on the port. I see in your Help section that Zone Alarm limits connections on that port.

http://www.streamerp2p.com/?page=strmsup.htm

Quote:

If you use the free Zonealarm firewall, you just need to allow Streamer to be a server as ZA handles the ports automatically. Zonealarm does however seem to limit the number of 'alive' hosts you can see, which could make some stations unavailable.

Planet Texas · **Posted:** Thu Mar 02, 2006 6:38 am

Strictly speaking, you are correct with your concern regarding opening additional ports could increase your security risk. You should only open ports that are necessary. But, on the flip side of that argument, just because a port is open does not mean something bad can slip into your network. If a port is open, there must be an application or service on the inside of your network that is using the port. It is the application or service that would have a weakness that might result in a security threat.
You don't hear about Microsoft or Linux or anyone releasing a patch for a port. Its always an application or operating system patch.

Now with that out of the way, Streamer has been running for about 4 years now and I don't ever recall a security related incident (knock on wood) Iain, KMeat feel free to chime in hear

You can tell ZoneAlarm to allow traffic on port 8466 for the Streamer application.

KMeat · **Posted:** Thu Mar 02, 2006 11:26 am

As in the post in the other topic referred to above, in order for Streamer to function properly, it should be allowed to be a server as far as ZA is concerned. This will allow any incoming packets destined for the Streamer application to get processed by the Streamer application.

There have been absolutely 0 reports of anything malicious resulting from doing the above. Iain is a very cautious coder, unlike it would seem many at uSoft... who sometimes seem to make it a routine thing to write code such that a buffer overflow can occur. Won't happen here.

It should be noted again here however that Streamer does have a small bug in it where occasionally it will try to send something destined for port 0 to the target machine. ZA and other firewalls are very quick to point these out as malicious attacks. When you see these, you will probably also see that the source port is 8466 or something very similar. Disragard these as they will not cause any harm to your system whatsoever.

d-tracks · **Posted:** Thu Mar 02, 2006 12:39 pm

A few words about desktop firewalls:

Personal firewalls are good to control internet access of installed programs. Also it's good to block some insecure windows services. Ports which are closed and no service is listening on you can leave unblocked. Yes i mean this. It's nonsens to block closed ports. Better is to turn off all unneeded services instead of leaving them running and blocking them.

It's a fable of firewall manufacturer that you have to stealth all ports to be secure. No ping reply doesn't impress a hacker. Read about tcp/ip and arp and you will find out that there are several possibilities to detect if there is a machine online even if all ports are 'stealth'.

further reading: http://www.robertmoir.co.uk/secure/WhyF ... sSuck.html

That doesn't mean that it's bad to run a personal firewall but you have to know what they can do and what they can't do.

A pc is a very complex system. You can't make a system more secure with increasing the complexity. A firewall increase the complexity by adding thousand lines of code with possible additional bugs and security holes.

Streamerp2p Forum

Program closed and still have hits on UDP port 8466

Who is online