what corporate firwall-ports should to be open?

john99 · 10-17-2009, 04:37 AM

Hallo

1.
What ports of the corporate Firewall needs to be open, that Icognito booted from CD-ROM does work out of the box?

2.
What is the best approach to circumvent such problems without compromising the/my security), if the corporate FW
does block some ports required by Icognito(booted from CD-ROM)?

Thank's a lot for evey help!

John

jhwilliams · 10-18-2009, 12:17 AM

Quote:

Originally Posted by john99

Hallo

1.
What ports of the corporate Firewall needs to be open, that Icognito booted from CD-ROM does work out of the box?

2.
What is the best approach to circumvent such problems without compromising the/my security), if the corporate FW
does block some ports required by Icognito(booted from CD-ROM)?

Thank's a lot for evey help!

John

22, 53, 80, 443, 25, 993 are good ones.

Of f* it, just DMZ the whole box. ;-)

anonym · 10-21-2009, 12:24 PM

Quote:

Originally Posted by john99

What ports of the corporate Firewall needs to be open, that Icognito booted from CD-ROM does work out of the box?

You will have to be able to communicate with the Tor network. You can use TorStatus to check which ORPorts and DirPorts the relays tend to use. Your firewall has to allow outbound connection to some subest of these TCP ports. Note that the fewer of the ORPorts you're able to connect to, the worse Tor's anonymity and performance gets.

If you want the time to be set correctly (Tor needs a somewhat accurate clock, so this might be nexessary) you also need the NTP port (UDP port 123) open for outbound connections.

Quote:

Originally Posted by john99

What is the best approach to circumvent such problems without compromising the/my security), if the corporate FW
does block some ports required by Icognito(booted from CD-ROM)?

The best way I think is to use a Tor bridge. You can setup Tor to use a bridge through the TorK GUI controller for Tor (the onion in the system tray). Note that you'll have to redo this everytime you start Incognito when booting from a CD.

john99 · 11-19-2009, 11:07 AM

Thank's a lot for the informations! For a beginner like me, it sounds like trial and error...

Is there not a more "reliable" method to test from within Icognito if the required ports(for TOR)
on the corporate firewall are open?

Thank's a lot for any feedback!

John

jhwilliams · 11-19-2009, 07:17 PM

John,

I don't know what Incognito is, but here's how I handle opening ports:

As I install a new application, I lookup what ports it uses, and then open them for that, only, as needed. Example: "I've installed Apache. I better open Port 80."

If you want to see what ports are open on any host, check out nmap. For example, here's a scan of a domain I manage:

Code:

nmap domain.name

On the gateway:

Code:

PORT     STATE SERVICE
22/tcp   open     ssh
23/tcp   open     telnet
53/tcp   open     domain
80/tcp   open     http
443/tcp  open     https
8080/tcp filtered http-proxy

And on the main internal server (you don't have access to this information directly since its in my network):

Code:

PORT     STATE SERVICE
22/tcp   open  ssh
53/tcp   open  domain
80/tcp   open  http
111/tcp  open  rpcbind
443/tcp  open  https
2049/tcp open  nfs
3306/tcp open  mysql

Best!
Jameson