Quick Introduction to Computer Ports

Any computer with network connectivity usually offers services to users both remotely and locally. Typically the computer offers these by running a number of locally hosted services. In a TCP/IP network, the services are usually available via ports on the local computer. When a computer connects to access a particular service, an end-to-end connection is normally established and a socket is set up at each end of the connection. In simple terms, you can think of the socket as a telephone at each end of a line and the port as a specific telephone number.

Most common services are found at a predetermined port number, which in effect acts as an identifier of the service. It’s important to remember that although these port number assignments are normally followed, there is no strict enforcement of these standards. Although it is likely that an FTP server is listening on port 21, there is no guarantee that this is true. Following the predetermined assignments is nevertheless common and is usually considered best practice. It also makes network management simpler: when non-standard ports are used, identifying roles and services becomes harder.

For instance, most people would expect a service running on port 80 to be an HTTP server, although there is nothing to stop some other service using it.

Republished from archive of Thomas Riemer’s Port Numbers page

The Registered Ports are not controlled by the IANA and on most systems can be used by ordinary user processes or programs executed by ordinary users.

Ports are used in the TCP [RFC793] to name the ends of logical connections which carry long term conversations. For the purpose of providing services to unknown callers, a service contact port is defined. This list specifies the port used by the server process as its contact port. While the IANA cannot control uses of these ports it does register or list uses of these ports as a convenience to the community.

To the extent possible, these same port assignments are used with the UDP [RFC768].

The Registered Ports are in the range 1024-65535.

Port Assignments:

 

  • 1024/tcp Reserved
  • 1024/udp Reserved
  • blackjack 1025/tcp network blackjack
  • blackjack 1025/udp network blackjack
  • iad1 1030/tcp BBN IAD
  • iad1 1030/udp BBN IAD
  • iad2 1031/tcp BBN IAD
  • iad2 1031/udp BBN IAD
  • iad3 1032/tcp BBN IAD
  • iad3 1032/udp BBN IAD
  • nim 1058/tcp nim
  • nim 1058/udp nim
  • nimreg 1059/tcp nimreg
  • nimreg 1059/udp nimreg
  • instl_boots 1067/tcp Installation Bootstrap Proto. Serv.
  • instl_boots 1067/udp Installation Bootstrap Proto. Serv.
  • instl_bootc 1068/tcp Installation Bootstrap Proto. Cli.
  • instl_bootc 1068/udp Installation Bootstrap Proto. Cli.
  • socks 1080/tcp Socks
  • socks 1080/udp Socks
  • ansoft-lm-1 1083/tcp Anasoft License Manager
  • ansoft-lm-1 1083/udp Anasoft License Manager
  • ansoft-lm-2 1084/tcp Anasoft License Manager
  • ansoft-lm-2 1084/udp Anasoft License Manager
  • nfsd-status 1110/tcp Cluster status info
  • nfsd-keepalive 1110/udp Client status info
  • nfa 1155/tcp Network File Access
  • nfa 1155/udp Network File Access
  • lupa 1212/tcp lupa
  • lupa 1212/udp lupa
  • nerv 1222/tcp SNI R&D network
  • nerv 1222/udp SNI R&D network
  • hermes 1248/tcp
  • hermes 1248/udp
  • alta-ana-lm 1346/tcp Alta Analytics License Manager
  • alta-ana-lm 1346/udp Alta Analytics License Manager
  • bbn-mmc 1347/tcp multi media conferencing
  • bbn-mmc 1347/udp multi media conferencing
  • bbn-mmx 1348/tcp multi media conferencing
  • bbn-mmx 1348/udp multi media conferencing
  • sbook 1349/tcp Registration Network Protocol
  • sbook 1349/udp Registration Network Protocol
  • editbench 1350/tcp Registration Network Protocol
  • editbench 1350/udp Registration Network Protocol
  • equationbuilder 1351/tcp Digital Tool Works (MIT)
  • equationbuilder 1351/udp Digital Tool Works (MIT)
  • lotusnote 1352/tcp Lotus Note
  • relief 1353/tcp Relief Consulting
  • relief 1353/udp Relief Consulting
  • rightbrain 1354/tcp RightBrain Software
  • rightbrain 1354/udp RightBrain Software
  • intuitive edge 1355/tcp Intuitive Edge
  • intuitive edge 1355/udp Intuitive Edge
  • cuillamartin 1356/tcp CuillaMartin Company
  • cuillamartin 1356/udp CuillaMartin Company
  • pegboard 1357/tcp Electronic PegBoard
  • pegboard 1357/udp Electronic PegBoard
  • connlcli 1358/tcp CONNLCLI
  • connlcli 1358/udp CONNLCLI
  • ftsrv 1359/tcp FTSRV
  • ftsrv 1359/udp FTSRV
  • mimer 1360/tcp MIMER
  • mimer 1360/udp MIMER
  • linx 1361/tcp LinX
  • linx 1361/udp LinX
  • timeflies 1362/tcp TimeFlies
  • timeflies 1362/udp TimeFlies
  • ndm-requester 1363/tcp Network DataMover Requester
  • ndm-requester 1363/udp Network DataMover Requester
  • ndm-server 1364/tcp Network DataMover Server
  • ndm-server 1364/udp Network DataMover Server
  • adapt-sna 1365/tcp Network Software Associates
  • adapt-sna 1365/udp Network Software Associates
  • netware-csp 1366/tcp Novell NetWare Comm Service Platform
  • netware-csp 1366/udp Novell NetWare Comm Service Platform
  • dcs 1367/tcp DCS
  • dcs 1367/udp DCS
  • screencast 1368/tcp ScreenCast
  • screencast 1368/udp ScreenCast
  • gv-us 1369/tcp GlobalView to Unix Shell
  • gv-us 1369/udp GlobalView to Unix Shell
  • us-gv 1370/tcp Unix Shell to GlobalView
  • us-gv 1370/udp Unix Shell to GlobalView
  • fc-cli 1371/tcp Fujitsu Config Protocol
  • fc-cli 1371/udp Fujitsu Config Protocol
  • fc-ser 1372/tcp Fujitsu Config Protocol
  • fc-ser 1372/udp Fujitsu Config Protocol
  • chromagrafx 1373/tcp Chromagrafx
  • chromagrafx 1373/udp Chromagrafx
  • molly 1374/tcp EPI Software Systems
  • molly 1374/udp EPI Software Systems
  • bytex 1375/tcp Bytex
  • bytex 1375/udp Bytex
  • ibm-pps 1376/tcp IBM Person to Person Software
  • ibm-pps 1376/udp IBM Person to Person Software
  • cichlid 1377/tcp Cichlid License Manager
  • cichlid 1377/udp Cichlid License Manager
  • elan 1378/tcp Elan License Manager
  • dbreporter 1379/tcp Integrity Solutions
  • dbreporter 1379/udp Integrity Solutions
  • telesis-licman 1380/tcp Telesis Network License Manager
  • telesis-licman 1380/udp Telesis Network License Manager
  • apple-licman 1381/tcp Apple Network License Manager
  • apple-licman 1381/udp Apple Network License Manager
  • udt_os 1382/tcp
  • udt_os 1382/udp
  • gwha 1383/tcp GW Hannaway Network License Manager
  • gwha 1383/udp GW Hannaway Network License Manager
  • os-licman 1384/tcp Objective Solutions License Manager
  • os-licman 1384/udp Objective Solutions License Manager
  • atex_elmd 1385/tcp Atex Publishing License Manager
  • atex_elmd 1385/udp Atex Publishing License Manager
  • checksum 1386/tcp CheckSum License Manager
  • checksum 1386/udp CheckSum License Manager
  • cadsi-lm 1387/tcp Computer Aided Design Software Inc LM
  • cadsi-lm 1387/udp Computer Aided Design Software Inc LM
  • objective-dbc 1388/tcp Objective Solutions DataBase Cache
  • objective-dbc 1388/udp Objective Solutions DataBase Cache
  • iclpv-dm 1389/tcp Document Manager
  • iclpv-dm 1389/udp Document Manager
  • iclpv-sc 1390/tcp Storage Controller
  • iclpv-sc 1390/udp Storage Controller
  • iclpv-sas 1391/tcp Storage Access Server
  • iclpv-sas 1391/udp Storage Access Server
  • iclpv-pm 1392/tcp Print Manager
  • iclpv-pm 1392/udp Print Manager
  • iclpv-nls 1393/tcp Network Log Server
  • iclpv-nls 1393/udp Network Log Server
  • iclpv-nlc 1394/tcp Network Log Client
  • iclpv-nlc 1394/udp Network Log Client
  • iclpv-wsm 1395/tcp PC Workstation Manager software
  • iclpv-wsm 1395/udp PC Workstation Manager software
  • dvl-activemail 1396/tcp DVL Active Mail
  • dvl-activemail 1396/udp DVL Active Mail
  • audio-activmail 1397/tcp Audio Active Mail
  • audio-activmail 1397/udp Audio Active Mail
  • video-activmail 1398/tcp Video Active Mail
  • video-activmail 1398/udp Video Active Mail
  • cadkey-licman 1399/tcp Cadkey License Manager
  • cadkey-licman 1399/udp Cadkey License Manager
  • cadkey-tablet 1400/tcp Cadkey Tablet Daemon
  • cadkey-tablet 1400/udp Cadkey Tablet Daemon
  • goldleaf-licman 1401/tcp Goldleaf License Manager
  • goldleaf-licman 1401/udp Goldleaf License Manager
  • prm-sm-np 1402/tcp Prospero Resource Manager
  • prm-nm-np 1403/tcp Prospero Resource Manager
  • igi-lm 1404/tcp Infinite Graphics License Manager
  • igi-lm 1404/udp Infinite Graphics License Manager
  • ibm-res 1405/tcp IBM Remote Execution Starter
  • ibm-res 1405/udp IBM Remote Execution Starter
  • netlabs-lm 1406/tcp NetLabs License Manager
  • netlabs-lm 1406/udp NetLabs License Manager
  • dbsa-lm 1407/tcp DBSA License Manager
  • dbsa-lm 1407/udp DBSA License Manager
  • sophia-lm 1408/tcp Sophia License Manager
  • sophia-lm 1408/udp Sophia License Manager
  • here-lm 1409/tcp Here License Manager
  • here-lm 1409/udp Here License Manager
  • hiq 1410/tcp HiQ License Manager
  • hiq 1410/udp HiQ License Manager
  • af 1411/tcp AudioFile
  • af 1411/udp AudioFile
  • innosys 1412/tcp InnoSys
  • innosys 1412/udp InnoSys
  • innosys-acl 1413/tcp Innosys-ACL
  • innosys-acl 1413/udp Innosys-ACL
  • ibm-mqseries 1414/tcp IBM MQSeries
  • ibm-mqseries 1414/udp IBM MQSeries
  • dbstar 1415/tcp DBStar
  • dbstar 1415/udp DBStar
  • novell-lu6.2 1416/tcp Novell LU6.2
  • novell-lu6.2 1416/udp Novell LU6.2
  • timbuktu-srv1 1417/tcp Timbuktu Service 1 Port
  • timbuktu-srv2 1418/tcp Timbuktu Service 2 Port
  • timbuktu-srv3 1419/tcp Timbuktu Service 3 Port
  • timbuktu-srv4 1420/tcp Timbuktu Service 4 Port
  • gandalf-lm 1421/tcp Gandalf License Manager
  • gandalf-lm 1421/udp Gandalf License Manager
  • autodesk-lm 1422/tcp Autodesk License Manager
  • autodesk-lm 1422/udp Autodesk License Manager
  • essbase 1423/tcp Essbase Arbor Software
  • essbase 1423/udp Essbase Arbor Software
  • hybrid 1424/tcp Hybrid Encryption Protocol
  • hybrid 1424/udp Hybrid Encryption Protocol
  • zion-lm 1425/tcp Zion Software License Manager
  • zion-lm 1425/udp Zion Software License Manager
  • sas-1 1426/tcp Satellite-data Acquisition System 1
  • sas-1 1426/udp Satellite-data Acquisition System 1
  • mloadd 1427/tcp mloadd monitoring tool
  • mloadd 1427/udp mloadd monitoring tool
  • informatik-lm 1428/tcp Informatik License Manager
  • informatik-lm 1428/udp Informatik License Manager
  • nms 1429/tcp Hypercom NMS
  • nms 1429/udp Hypercom NMS
  • tpdu 1430/tcp Hypercom TPDU
  • tpdu 1430/udp Hypercom TPDU
  • rgtp 1431/tcp Reverse Gossip Transport
  • rgtp 1431/udp Reverse Gossip Transport
  • blueberry-lm 1432/tcp Blueberry Software License Manager
  • blueberry-lm 1432/udp Blueberry Software License Manager
  • ms-sql-s 1433/tcp Microsoft-SQL-Server
  • ms-sql-m 1434/tcp Microsoft-SQL-Monitor
  • ms-sql-m 1434/udp Microsoft-SQL-Monitor
  • ibm-cics 1435/tcp IBM CISC
  • ibm-cics 1435/udp IBM CISC
  • sas-2 1436/tcp Satellite-data Acquisition System 2
  • sas-2 1436/udp Satellite-data Acquisition System 2
  • tabula 1437/tcp Tabula
  • tabula 1437/udp Tabula
  • eicon-server 1438/tcp Eicon Security Agent/Server
  • eicon-server 1438/udp Eicon Security Agent/Server
  • eicon-x25 1439/tcp Eicon X25/SNA Gateway
  • eicon-x25 1439/udp Eicon X25/SNA Gateway
  • eicon-slp 1440/tcp Eicon Service Location Protocol
  • eicon-slp 1440/udp Eicon Service Location Protocol
  • cadis-1 1441/tcp Cadis License Management
  • cadis-1 1441/udp Cadis License Management
  • cadis-2 1442/tcp Cadis License Management
  • cadis-2 1442/udp Cadis License Management
  • ies-lm 1443/tcp Integrated Engineering Software
  • ies-lm 1443/udp Integrated Engineering Software
  • marcam-lm 1444/tcp Marcam License Management
  • marcam-lm 1444/udp Marcam License Management
  • proxima-lm 1445/tcp Proxima License Manager
  • proxima-lm 1445/udp Proxima License Manager
  • ora-lm 1446/tcp Optical Research Associates License Manager
  • ora-lm 1446/udp Optical Research Associates License Manager
  • apri-lm 1447/tcp Applied Parallel Research LM
  • apri-lm 1447/udp Applied Parallel Research LM
  • oc-lm 1448/tcp OpenConnect License Manager
  • oc-lm 1448/udp OpenConnect License Manager
  • peport 1449/tcp PEport
  • peport 1449/udp PEport
  • dwf 1450/tcp Tandem Distributed Workbench Facility
  • dwf 1450/udp Tandem Distributed Workbench Facility
  • infoman 1451/tcp IBM Information Management
  • infoman 1451/udp IBM Information Management
  • gtegsc-lm 1452/tcp GTE Government Systems License Man
  • gtegsc-lm 1452/udp GTE Government Systems License Man
  • genie-lm 1453/tcp Genie License Manager
  • genie-lm 1453/udp Genie License Manager
  • interhdl_elmd 1454/tcp interHDL License Manager
  • interhdl_elmd 1454/tcp interHDL License Manager
  • esl-lm 1455/tcp ESL License Manager
  • esl-lm 1455/udp ESL License Manager
  • dca 1456/tcp DCA
  • dca 1456/udp DCA
  • valisys-lm 1457/tcp Valisys License Manager
  • valisys-lm 1457/udp Valisys License Manager
  • nrcabq-lm 1458/tcp Nichols Research Corp.
  • nrcabq-lm 1458/udp Nichols Research Corp.
  • proshare1 1459/tcp Proshare Notebook Application
  • proshare1 1459/udp Proshare Notebook Application
  • proshare2 1460/tcp Proshare Notebook Application
  • proshare2 1460/udp Proshare Notebook Application
  • ibm_wrless_lan 1461/tcp IBM Wireless LAN
  • ibm_wrless_lan 1461/udp IBM Wireless LAN
  • world-lm 1462/tcp World License Manager
  • world-lm 1462/udp World License Manager
  • nucleus 1463/tcp Nucleus
  • nucleus 1463/udp Nucleus
  • msl_lmd 1464/tcp MSL License Manager
  • msl_lmd 1464/udp MSL License Manager
  • pipes 1465/tcp Pipes Platform
  • pipes 1465/udp Pipes Platform mfarlin@peerlogic.com
  • oceansoft-lm 1466/tcp Ocean Software License Manager
  • oceansoft-lm 1466/udp Ocean Software License Manager
  • csdmbase 1467/tcp CSDMBASE
  • csdmbase 1467/udp CSDMBASE
  • csdm 1468/tcp CSDM
  • csdm 1468/udp CSDM
  • aal-lm 1469/tcp Active Analysis Limited License Manager
  • aal-lm 1469/udp Active Analysis Limited License Manager
  • uaiact 1470/tcp Universal Analytics
  • uaiact 1470/udp Universal Analytics
  • csdmbase 1471/tcp csdmbase
  • csdmbase 1471/udp csdmbase
  • csdm 1472/tcp csdm
  • csdm 1472/udp csdm
  • openmath 1473/tcp OpenMath
  • openmath 1473/udp OpenMath
  • telefinder 1474/tcp Telefinder
  • telefinder 1474/udp Telefinder
  • taligent-lm 1475/tcp Taligent License Manager
  • taligent-lm 1475/udp Taligent License Manager
  • clvm-cfg 1476/tcp clvm-cfg
  • clvm-cfg 1476/udp clvm-cfg
  • ms-sna-server 1477/tcp ms-sna-server
  • ms-sna-base 1478/tcp ms-sna-base
  • ms-sna-base 1478/udp ms-sna-base
  • dberegister 1479/tcp dberegister
  • dberegister 1479/udp dberegister
  • pacerforum 1480/tcp PacerForum
  • pacerforum 1480/udp PacerForum
  • airs 1481/tcp AIRS
  • airs 1481/udp AIRS
  • miteksys-lm 1482/tcp Miteksys License Manager
  • miteksys-lm 1482/udp Miteksys License Manager
  • afs 1483/tcp AFS License Manager
  • afs 1483/udp AFS License Manager
  • confluent 1484/tcp Confluent License Manager
  • confluent 1484/udp Confluent License Manager
  • lansource 1485/tcp LANSource
  • lansource 1485/udp LANSource
  • nms_topo_serv 1486/tcp nms_topo_serv
  • nms_topo_serv 1486/udp nms_topo_serv
  • localinfosrvr 1487/tcp LocalInfoSrvr
  • localinfosrvr 1487/udp LocalInfoSrvr
  • docstor 1488/tcp DocStor
  • docstor 1488/udp DocStor
  • dmdocbroker 1489/tcp dmdocbroker
  • dmdocbroker 1489/udp dmdocbroker
  • insitu-conf 1490/tcp insitu-conf
  • insitu-conf 1490/udp insitu-conf
  • anynetgateway 1491/tcp anynetgateway
  • anynetgateway 1491/udp anynetgateway
  • stone-design-1 1492/tcp stone-design-1
  • stone-design-1 1492/udp stone-design-1
  • netmap_lm 1493/tcp netmap_lm
  • netmap_lm 1493/udp netmap_lm
  • ica 1494/tcp ica
  • ica 1494/udp ica
  • cvc 1495/tcp cvc
  • cvc 1495/udp cvc
  • liberty-lm 1496/tcp liberty-lm
  • liberty-lm 1496/udp liberty-lm
  • rfx-lm 1497/tcp rfx-lm
  • rfx-lm 1497/udp rfx-lm
  • watcom-sql 1498/tcp Watcom-SQL
  • watcom-sql 1498/udp Watcom-SQL
  • fhc 1499/tcp Federico Heinz Consultora
  • fhc 1499/udp Federico Heinz Consultora
  • vlsi-lm 1500/tcp VLSI License Manager
  • vlsi-lm 1500/udp VLSI License Manager
  • sas-3 1501/tcp Satellite-data Acquisition System 3
  • sas-3 1501/udp Satellite-data Acquisition System 3
  • shivadiscovery 1502/tcp Shiva
  • shivadiscovery 1502/udp Shiva
  • imtc-mcs 1503/tcp Databeam
  • imtc-mcs 1503/udp Databeam
  • evb-elm 1504/tcp EVB Software Engineering License Manager
  • evb-elm 1504/udp EVB Software Engineering License Manager
  • funkproxy 1505/tcp Funk Software, Inc.
  • funkproxy 1505/udp Funk Software, Inc.
  • utcd 1506/tcp Universal Time daemon (utcd)
  • utcd 1506/udp Universal Time daemon (utcd)
  • symplex 1507/tcp symplex
  • symplex 1507/udp symplex
  • diagmond 1508/tcp diagmond
  • diagmond 1508/udp diagmond
  • robcad-lm 1509/tcp Robcad, Ltd. License Manager
  • robcad-lm 1509/udp Robcad, Ltd. License Manager
  • mvx-lm 1510/tcp Midland Valley Exploration Ltd. Lic. Man.
  • mvx-lm 1510/udp Midland Valley Exploration Ltd. Lic. Man.
  • 3l-l1 1511/tcp 3l-l1
  • 3l-l1 1511/udp 3l-l1
  • wins 1512/tcp Microsoft’s Windows Internet Name Service
  • wins 1512/udp Microsoft’s Windows Internet Name Service
  • fujitsu-dtc 1513/tcp Fujitsu DTC
  • fujitsu-dtc 1513/udp Fujitsu DTC
  • fujitsu-dtcns 1514/tcp Fujitsu DTCNS
  • fujitsu-dtcns 1514/udp Fujitsu DTCNS
  • ifor-protocol 1515/tcp ifor-protocol
  • ifor-protocol 1515/udp ifor-protocol
  • vpad 1516/tcp Virtual Places Audio data
  • vpad 1516/udp Virtual Places Audio data
  • vpac 1517/tcp Virtual Places Audio control
  • vpac 1517/udp Virtual Places Audio control
  • vpvd 1518/tcp Virtual Places Video data
  • vpvd 1518/udp Virtual Places Video data
  • vpvc 1519/tcp Virtual Places Video control
  • vpvc 1519/udp Virtual Places Video control
  • atm-zip-office 1520/tcp atm zip office
  • atm-zip-office 1520/udp atm zip office
  • ncube-lm 1521/tcp nCube License Manager
  • ncube-lm 1521/udp nCube License Manager
  • rna-lm 1522/tcp Ricardo North America License Manager
  • rna-lm 1522/udp Ricardo North America License Manager
  • cichild-lm 1523/tcp cichild
  • cichild-lm 1523/udp cichild
  • ingreslock 1524/tcp ingres
  • ingreslock 1524/udp ingres
  • orasrv 1525/tcp oracle
  • orasrv 1525/udp oracle
  • prospero-np 1525/tcp Prospero Directory Service non-priv
  • pdap-np 1526/tcp Prospero Data Access Prot non-priv
  • tlisrv 1527/tcp oracle
  • tlisrv 1527/udp oracle
  • mciautoreg 1528/tcp micautoreg
  • mciautoreg 1528/udp micautoreg
  • coauthor 1529/tcp oracle
  • coauthor 1529/udp oracle
  • rap-service 1530/tcp rap-service
  • rap-service 1530/udp rap-service
  • rap-listen 1531/tcp rap-listen
  • rap-listen 1531/udp rap-listen
  • miroconnect 1532/tcp miroconnect
  • miroconnect 1532/udp miroconnect
  • virtual-places 1533/tcp Virtual Places Software
  • virtual-places 1533/udp Virtual Places Software
  • micromuse-lm 1534/tcp micromuse-lm
  • micromuse-lm 1534/udp micromuse-lm
  • ampr-info 1535/tcp ampr-info
  • ampr-info 1535/udp ampr-info
  • ampr-inter 1536/tcp ampr-inter
  • ampr-inter 1536/udp ampr-inter
  • sdsc-lm 1537/tcp isi-lm
  • sdsc-lm 1537/udp isi-lm
  • 3ds-lm 1538/tcp 3ds-lm
  • 3ds-lm 1538/udp 3ds-lm
  • intellistor-lm 1539/tcp Intellistor License Manager
  • intellistor-lm 1539/udp Intellistor License Manager
  • rds 1540/tcp rds
  • rds 1540/udp rds
  • PortMaster 1541/tcp PortMaster for SSL
  • rds2 1541/tcp rds2
  • rds2 1541/udp rds2
  • gridgen-elmd 1542/tcp gridgen-elmd
  • gridgen-elmd 1542/udp gridgen-elmd
  • simba-cs 1543/tcp simba-cs
  • simba-cs 1543/udp simba-cs
  • aspeclmd 1544/tcp aspeclmd
  • aspeclmd 1544/udp aspeclmd
  • vistium-share 1545/tcp vistium-share
  • vistium-share 1545/udp vistium-share
  • issd 1600/tcp
  • issd 1600/udp
  • nkd 1650/tcp
  • nkd 1650/udp
  • shiva_confsrvr 1651/tcp shiva_confsrvr
  • shiva_confsrvr 1651/udp shiva_confsrvr
  • xnmp 1652/tcp xnmp
  • xnmp 1652/udp xnmp
  • netview-aix-1 1661/tcp netview-aix-1
  • netview-aix-1 1661/udp netview-aix-1
  • netview-aix-2 1662/tcp netview-aix-2
  • netview-aix-2 1662/udp netview-aix-2
  • netview-aix-3 1663/tcp netview-aix-3
  • netview-aix-3 1663/udp netview-aix-3
  • netview-aix-4 1664/tcp netview-aix-4
  • netview-aix-4 1664/udp netview-aix-4
  • netview-aix-5 1665/tcp netview-aix-5
  • netview-aix-5 1665/udp netview-aix-5
  • netview-aix-6 1666/tcp netview-aix-6
  • netview-aix-6 1666/udp netview-aix-6
  • netview-aix-7 1667/tcp netview-aix-7
  • netview-aix-7 1667/udp netview-aix-7
  • netview-aix-8 1668/tcp netview-aix-8
  • netview-aix-8 1668/udp netview-aix-8
  • netview-aix-9 1669/tcp netview-aix-9
  • netview-aix-9 1669/udp netview-aix-9
  • netview-aix-10 1670/tcp netview-aix-10
  • netview-aix-10 1670/udp netview-aix-10
  • netview-aix-11 1671/tcp netview-aix-11
  • netview-aix-11 1671/udp netview-aix-11
  • netview-aix-12 1672/tcp netview-aix-12
  • netview-aix-12 1672/udp netview-aix-12
  • licensedaemon 1986/tcp cisco license management
  • licensedaemon 1986/udp cisco license management
  • tr-rsrb-p1 1987/tcp cisco RSRB Priority 1 port
  • tr-rsrb-p1 1987/udp cisco RSRB Priority 1 port
  • tr-rsrb-p2 1988/tcp cisco RSRB Priority 2 port
  • tr-rsrb-p2 1988/udp cisco RSRB Priority 2 port
  • tr-rsrb-p3 1989/tcp cisco RSRB Priority 3 port
  • tr-rsrb-p3 1989/udp cisco RSRB Priority 3 port
  • mshnet 1989/tcp MHSnet system
  • mshnet 1989/udp MHSnet system
  • stun-p1 1990/tcp cisco STUN Priority 1 port
  • stun-p1 1990/udp cisco STUN Priority 1 port
  • stun-p2 1991/tcp cisco STUN Priority 2 port
  • stun-p2 1991/udp cisco STUN Priority 2 port
  • stun-p3 1992/tcp cisco STUN Priority 3 port
  • stun-p3 1992/udp cisco STUN Priority 3 port
  • ipsendmsg 1992/tcp IPsendmsg
  • ipsendmsg 1992/udp IPsendmsg
  • snmp-tcp-port 1993/tcp cisco SNMP TCP port
  • snmp-tcp-port 1993/udp cisco SNMP TCP port
  • stun-port 1994/tcp cisco serial tunnel port
  • stun-port 1994/udp cisco serial tunnel port
  • perf-port 1995/tcp cisco perf port
  • perf-port 1995/udp cisco perf port
  • tr-rsrb-port 1996/tcp cisco Remote SRB port
  • tr-rsrb-port 1996/udp cisco Remote SRB port
  • gdp-port 1997/tcp cisco Gateway Discovery Protocol
  • gdp-port 1997/udp cisco Gateway Discovery Protocol
  • x25-svc-port 1998/tcp cisco X.25 service (XOT)
  • x25-svc-port 1998/udp cisco X.25 service (XOT)
  • tcp-id-port 1999/tcp cisco identification port
  • tcp-id-port 1999/udp cisco identification port
  • callbook 2000/tcp
  • callbook 2000/udp
  • dc 2001/tcp
  • wizard 2001/udp curry
  • globe 2002/tcp
  • globe 2002/udp
  • mailbox 2004/tcp
  • emce 2004/udp CCWS mm conf
  • berknet 2005/tcp
  • oracle 2005/udp
  • invokator 2006/tcp
  • raid-cc 2006/udp raid
  • dectalk 2007/tcp
  • raid-am 2007/udp
  • conf 2008/tcp
  • terminaldb 2008/udp
  • news 2009/tcp
  • whosockami 2009/udp
  • search 2010/tcp
  • pipe_server 2010/udp
  • raid-cc 2011/tcp raid
  • servserv 2011/udp
  • ttyinfo 2012/tcp
  • raid-ac 2012/udp
  • raid-am 2013/tcp
  • raid-cd 2013/udp
  • troff 2014/tcp
  • raid-sf 2014/udp
  • cypress 2015/tcp
  • raid-cs 2015/udp
  • bootserver 2016/tcp
  • bootserver 2016/udp
  • cypress-stat 2017/tcp
  • bootclient 2017/udp
  • terminaldb 2018/tcp
  • rellpack 2018/udp
  • whosockami 2019/tcp
  • about 2019/udp
  • xinupageserver 2020/tcp
  • xinupageserver 2020/udp
  • servexec 2021/tcp
  • xinuexpansion1 2021/udp
  • down 2022/tcp
  • xinuexpansion2 2022/udp
  • xinuexpansion3 2023/tcp
  • xinuexpansion3 2023/udp
  • xinuexpansion4 2024/tcp
  • xinuexpansion4 2024/udp
  • ellpack 2025/tcp
  • xribs 2025/udp
  • scrabble 2026/tcp
  • scrabble 2026/udp
  • shadowserver 2027/tcp
  • shadowserver 2027/udp
  • submitserver 2028/tcp
  • submitserver 2028/udp
  • device2 2030/tcp
  • device2 2030/udp
  • blackboard 2032/tcp
  • blackboard 2032/udp
  • glogger 2033/tcp
  • glogger 2033/udp
  • scoremgr 2034/tcp
  • scoremgr 2034/udp
  • imsldoc 2035/tcp
  • imsldoc 2035/udp
  • objectmanager 2038/tcp
  • objectmanager 2038/udp
  • lam 2040/tcp
  • lam 2040/udp
  • interbase 2041/tcp
  • interbase 2041/udp
  • isis 2042/tcp
  • isis 2042/udp
  • isis-bcast 2043/tcp
  • isis-bcast 2043/udp
  • rimsl 2044/tcp
  • rimsl 2044/udp
  • cdfunc 2045/tcp
  • cdfunc 2045/udp
  • sdfunc 2046/tcp
  • sdfunc 2046/udp
  • dls 2047/tcp
  • dls 2047/udp
  • dls-monitor 2048/tcp
  • dls-monitor 2048/udp
  • shilp 2049/tcp
  • shilp 2049/udp
  • dlsrpn 2065/tcp Data Link Switch Read Port Number
  • dlswpn 2067/tcp Data Link Switch Write Port Number
  • ats 2201/tcp Advanced Training System Program
  • ats 2201/udp Advanced Training System Program
  • ivs-video 2232/tcp IVS Video default
  • ivs-video 2232/udp IVS Video default
  • ivsd 2241/tcp IVS Daemon
  • ivsd 2241/udp IVS Daemon
  • rtsserv 2500/tcp Resource Tracking system server
  • rtsserv 2500/udp Resource Tracking system server
  • rtsclient 2501/tcp Resource Tracking system client
  • rtsclient 2501/udp Resource Tracking system client
  • hp-3000-telnet 2564/tcp HP 3000 NS/VT block mode telnet
  • www-dev 2784/tcp world wide web – development
  • www-dev 2784/udp world wide web – development
  • NSWS 3049/tcp
  • NSWS 3049/udp
  • vmodem 3141/tcp VMODEM
  • vmodem 3141/udp VMODEM
  • ccmail 3264/tcp cc:mail/lotus
  • ccmail 3264/udp cc:mail/lotus
  • dec-notes 3333/tcp DEC Notes
  • dec-notes 3333/udp DEC Notes
  • mapper-nodemgr 3984/tcp MAPPER network node manager
  • mapper-nodemgr 3984/udp MAPPER network node manager
  • mapper-mapethd 3985/tcp MAPPER TCP/IP server
  • mapper-mapethd 3985/udp MAPPER TCP/IP server
  • mapper-ws_ethd 3986/tcp MAPPER workstation server
  • mapper-ws_ethd 3986/udp MAPPER workstation server
  • bmap 3421/tcp Bull Apprise portmapper
  • bmap 3421/udp Bull Apprise portmapper
  • prsvp 3455/tcp RSVP Port
  • prsvp 3455/udp RSVP Port
  • vat 3456/tcp VAT default data
  • vat 3456/udp VAT default data
  • vat-control 3457/tcp VAT default control
  • vat-control 3457/udp VAT default control
  • udt_os 3900/tcp Unidata UDT OS
  • udt_os 3900/udp Unidata UDT OS
  • netcheque 4008/tcp NetCheque accounting
  • netcheque 4008/udp NetCheque accounting
  • nuts_dem 4132/tcp NUTS Daemon
  • nuts_dem 4132/udp NUTS Daemon
  • nuts_bootp 4133/tcp NUTS Bootp Server
  • nuts_bootp 4133/udp NUTS Bootp Server
  • unicall 4343/tcp UNICALL
  • unicall 4343/udp UNICALL
  • krb524 4444/tcp KRB524
  • krb524 4444/udp KRB524
  • nv-video 4444/tcp NV Video default
  • nv-video 4444/udp NV Video default
  • rfa 4672/tcp remote file access server
  • rfa 4672/udp remote file access server
  • commplex-main 5000/tcp
  • commplex-main 5000/udp
  • commplex-link 5001/tcp
  • commplex-link 5001/udp
  • rfe 5002/tcp radio free ethernet
  • rfe 5002/udp radio free ethernet
  • telelpathstart 5010/tcp TelepathStart
  • telelpathstart 5010/udp TelepathStart
  • telelpathattack 5011/tcp TelepathAttack
  • telelpathattack 5011/udp TelepathAttack
  • mmcc 5050/tcp multimedia conference control tool
  • mmcc 5050/udp multimedia conference control tool
  • rmonitor_secure 5145/tcp
  • rmonitor_secure 5145/udp
  • aol 5190/tcp America-Online
  • aol 5190/udp America-Online
  • aol-1 5191/tcp AmericaOnline1
  • aol-1 5191/udp AmericaOnline1
  • aol-2 5192/tcp AmericaOnline2
  • aol-2 5192/udp AmericaOnline2
  • aol-3 5193/tcp AmericaOnline3
  • aol-3 5193/udp AmericaOnline3
  • padl2sim 5236/tcp
  • padl2sim 5236/udp
  • hacl-local 5304/tcp
  • hacl-local 5304/udp
  • hacl-test 5305/tcp
  • hacl-test 5305/udp
  • proshareaudio 5713/tcp proshare conf audio
  • proshareaudio 5713/udp proshare conf audio
  • prosharevideo 5714/tcp proshare conf video
  • prosharevideo 5714/udp proshare conf video
  • prosharedata 5715/tcp proshare conf data
  • prosharedata 5715/udp proshare conf data
  • prosharerequest 5716/tcp proshare conf request
  • prosharerequest 5716/udp proshare conf request
  • prosharenotify 5717/tcp proshare conf notify
  • prosharenotify 5717/udp proshare conf notify
  • x11 6000-6063/tcp X Window System
  • x11 6000-6063/udp X Window System
  • softcm 6110/tcp HP SoftBench CM
  • softcm 6110/udp HP SoftBench CM
  • spc 6111/tcp HP SoftBench Sub-Process Control
  • spc 6111/udp HP SoftBench Sub-Process Control
  • meta-corp 6141/tcp Meta Corporation License Manager
  • meta-corp 6141/udp Meta Corporation License Manager
  • aspentec-lm 6142/tcp Aspen Technology License Manager
  • aspentec-lm 6142/udp Aspen Technology License Manager
  • watershed-lm 6143/tcp Watershed License Manager
  • watershed-lm 6143/udp Watershed License Manager
  • statsci1-lm 6144/tcp StatSci License Manager – 1
  • statsci1-lm 6144/udp StatSci License Manager – 1
  • statsci2-lm 6145/tcp StatSci License Manager – 2
  • statsci2-lm 6145/udp StatSci License Manager – 2
  • lonewolf-lm 6146/tcp Lone Wolf Systems License Manager
  • lonewolf-lm 6146/udp Lone Wolf Systems License Manager
  • montage-lm 6147/tcp Montage License Manager
  • montage-lm 6147/udp Montage License Manager
  • ricardo-lm 6148/tcp Ricardo North America License Manager
  • ricardo-lm 6148/udp Ricardo North America License Manager
  • xdsxdm 6558/tcp
  • xdsxdm 6558/udp
  • acmsoda 6969/tcp acmsoda
  • acmsoda 6969/udp acmsoda
  • afs3-fileserver 7000/tcp file server itself
  • afs3-fileserver 7000/udp file server itself
  • afs3-callback 7001/tcp callbacks to cache managers
  • afs3-callback 7001/udp callbacks to cache managers
  • afs3-prserver 7002/tcp users & groups database
  • afs3-prserver 7002/udp users & groups database
  • afs3-vlserver 7003/tcp volume location database
  • afs3-vlserver 7003/udp volume location database
  • afs3-kaserver 7004/tcp AFS/Kerberos authentication service
  • afs3-kaserver 7004/udp AFS/Kerberos authentication service
  • afs3-volser 7005/tcp volume managment server
  • afs3-volser 7005/udp volume managment server
  • afs3-errors 7006/tcp error interpretation service
  • afs3-errors 7006/udp error interpretation service
  • afs3-bos 7007/tcp basic overseer process
  • afs3-bos 7007/udp basic overseer process
  • afs3-update 7008/tcp server-to-server updater
  • afs3-update 7008/udp server-to-server updater
  • afs3-rmtsys 7009/tcp remote cache manager service
  • afs3-rmtsys 7009/udp remote cache manager service
  • ups-onlinet 7010/tcp onlinet uninterruptable power supplies
  • ups-onlinet 7010/udp onlinet uninterruptable power supplies
  • font-service 7100/tcp X Font Service
  • font-service 7100/udp X Font Service
  • fodms 7200/tcp FODMS FLIP
  • fodms 7200/udp FODMS FLIP
  • man 9535/tcp
  • man 9535/udp
  • sd 9876/tcp Session Director
  • sd 9876/udp Session Director
  • isode-dua 17007/tcp
  • isode-dua 17007/udp
  • biimenu 18000/tcp Beckman Instruments, Inc.
  • biimenu 18000/udp Beckman Instruments, Inc.
  • dbbrowse 47557/tcp Databeam Corporation
  • dbbrowse 47557/udp Databeam Corporation
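
The list above can be treated as data. The following is an added example, not part of the original page or of the republished list: it parses lines in the list's `name port/proto description` layout and reports which ports carry more than one registered name, one concrete reason a port number alone does not identify a service. The sample lines follow entries in the list (plus one constructed stray line), and the function names are this example's own.

```python
import re
from collections import defaultdict

# Sample in the list's layout, covering its irregular cases: no name, no
# description, a name containing a space, a port range, two names registered
# on one port, and a constructed stray line that is not a port entry.
SAMPLE = """\
  • 1024/tcp Reserved
  • socks 1080/tcp Socks
  • hermes 1248/tcp
  • intuitive edge 1355/tcp Intuitive Edge
  • orasrv 1525/tcp oracle
  • prospero-np 1525/tcp Prospero Directory Service non-priv
  • krb524 4444/tcp KRB524
  • nv-video 4444/tcp NV Video default
  • x11 6000-6063/tcp X Window System
  • some stray text
"""

ENTRY = re.compile(
    r"^\s*(?:•\s*)?"                         # optional bullet
    r"(?:(?P<name>\S.*?)\s+)?"               # optional name, may contain spaces
    r"(?P<lo>\d{1,5})(?:-(?P<hi>\d{1,5}))?"  # single port or lo-hi range
    r"/(?P<proto>tcp|udp)\b"
    r"\s*(?P<desc>.*?)\s*$"                  # optional description
)


def parse_line(line):
    """Return (name, ports, proto, description), or None if not a valid entry."""
    m = ENTRY.match(line)
    if not m:
        return None
    lo = int(m["lo"])
    hi = int(m["hi"]) if m["hi"] else lo
    if not (1 <= lo <= hi <= 65535):
        return None
    return (m["name"] or "(unnamed)", range(lo, hi + 1), m["proto"], m["desc"])


def build_index(text):
    """Map (port, proto) -> list of registered names; also return rejected lines."""
    index = defaultdict(list)
    rejected = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        entry = parse_line(raw)
        if entry is None:
            rejected.append(raw.strip(" •\t"))
            continue
        name, ports, proto, _desc = entry
        for port in ports:
            if name not in index[(port, proto)]:
                index[(port, proto)].append(name)
    return dict(index), rejected


def lookup(index, port, proto="tcp"):
    """Names registered for a port. An empty list only means 'not in the list'."""
    return index.get((port, proto), [])


def ambiguous(index):
    """Ports for which the list itself gives more than one name."""
    return {key: names for key, names in index.items() if len(names) > 1}


def classify(index, port, proto="tcp"):
    """What the list can tell an operator about an observed listening port."""
    names = lookup(index, port, proto)
    if not names:
        return "unlisted"
    return "ambiguous" if len(names) > 1 else "listed"


if __name__ == "__main__":
    idx, bad = build_index(SAMPLE)
    print("rejected lines:", bad)
    for (port, proto), names in sorted(ambiguous(idx).items()):
        print(f"{port}/{proto} is registered to: {', '.join(names)}")
    # Even a "listed" result is a hint, not an identification: nothing
    # enforces that the process bound to the port is the registered service.
    for port in (1080, 4444, 31000):
        print(port, classify(idx, port))
```

A result of "listed" narrows what to expect on a port; confirming what is actually bound to it still requires checking the owning process or the protocol spoken.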

    REFERENCES

    [RFC768] Postel, J., “User Datagram Protocol”, STD 6, RFC 768, USC/Information Sciences Institute, August 1980.

    [RFC793] Postel, J., ed., “Transmission Control Protocol – DARPA Internet Program Protocol Specification”, STD 7, RFC 793, USC/Information Sciences Institute, September 1981.

 

 

Security Specifications and Initiatives

Throughout the internet community, there are many groups working on resolving a variety of security-related issues online. The activities cover all aspects of internet security and networking in general, from authentication, firewalls, one-time passwords, public key infrastructure and transport layer security to much more.

Many of the most important security protocols, initiatives and specifications being developed can be researched at the following groups.

TCSEC (Trusted Computer System Evaluation Criteria)

These are requirements for secure products as defined by the US National Security Agency. They are important standards which many US and global companies use in establishing baselines for their computer and network infrastructure. You will often hear these standards referred to as the ‘Orange book’.

CAPI (Crypto API)

CAPI is an application programming interface developed by Microsoft which makes it much easier for developers to create applications which incorporate both encryption and digital signatures.

CDSA (Common Data Security Architecture) 

CDSA is a security reference standard primarily designed to help develop applications which take advantage of other software security mechanisms. Although not initially widely used, CDSA has since been accepted by the Open Group for evaluation, and technical companies such as IBM, Netscape and Intel have aided in developing the standard further. It is important for a disparate communication medium such as the internet to have open and inter-operable standards for applications and software. The standard also includes an expansion platform for future developments and improvements in security elements and architecture.

GSS-API – (Generic Security Services API)

The GSS-API is a higher-level interface that gives applications and software access to security technologies. For example, it can act as a gateway into private and public key infrastructure and technologies.

This list is, of course, a long way from being complete, and because of the fast-paced development of security technologies it is very likely to change greatly. It should be remembered that although there is an obvious requirement for security at the server level, securing applications and software on the client is also important. Client-side security is often more of a challenge due to different platforms and a lack of standards: configuration settings on every computer are likely to be different.

Many people now take security and privacy extremely seriously, especially now that so much of our lives involves online activities. Using encryption and some sort of IP cloaker to provide anonymity is extremely common. Most of these security services are provided by third parties through specialised software. Again, incorporating these into some sort of common security standard is a sensible option, yet somewhat difficult to achieve.

Further Reading: Netflix VPN Problem, Haber Press, 2015

Certificate Based Client Authentication

One of the most important features of SSL is its ability to authenticate based on SSL certificates. People often fail to understand that this certificate-based authentication can only be used when SSL is functioning; it is not accessible in other situations. Take the more common case on the web of insecure HTTP exchanges: here SSL certificate-based authentication is not available. The only option is to control access by using basic username and password authentication. This represents possibly the biggest security issue on the internet today, because this also takes place in clear text!

Another common misconception concerns the SSL sessions themselves. SSL sessions are established between two endpoints. The session may go through an SSL tunnel, which is effectively a forward proxy server. However, secure reverse proxying is not SSL tunnelling; it is probably better described as HTTPS proxying, although this is not a commonly used term. In this case the proxy acts as an endpoint of one SSL session, accepting the client’s connection and forwarding the request to the origin server over a second SSL session.

The two sessions are distinct, except of course that they will both be present in the cache and memory of the proxy server. An important consequence of this is that the client’s certificate-based authentication credentials are not relayed to the origin server. The SSL session between the client and the reverse proxy server authenticates the client to the proxy server. However, the SSL session between the origin server and the proxy authenticates the server itself. The certificate presented to the origin server is the reverse proxy’s certificate, and the origin server has no knowledge of the client and its certificate.

To summarise, what is lost is the ability to authenticate the client to the origin server through the reverse proxy server.

In situations where client certificate-based authentication and access control are required, the role has to be performed by the reverse proxy server. In other words, the access control function has been delegated to the proxy server. Currently there is no protocol available for transferring access control data from the origin server to the reverse proxy server. However, there are situations in advanced networks where the access control lists can be stored in an LDAP server, for example in Windows Active Directory domains. This enables all unverified connections to be controlled, e.g. blocking BBC VPN connections, including outbound client requests to the media servers.

The reverse proxy could be described in this situation as operating as a web server.  Indeed the authentication required by the reverse proxy is actually web server authentication not proxy server authentication.    Thus crucially the challenge status code is HTTP 401 and not 407.  This is a crucial difference and a simple way to identify the exact authentication methods which are taking place on a network if you’re troubleshooting.
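The 401-versus-407 distinction can be checked mechanically when troubleshooting. The Python below is an added example, not code from the original page; the function names and the two sample responses are constructed for illustration.

```python
import re

# An auth scheme name is an HTTP "token"; these are the characters a token may use.
_TOKEN = r"[!#$%&'*+.^_`|~0-9A-Za-z-]+"
# A comma-separated part starts a new challenge when it is "scheme" or
# "scheme <params>"; a part such as nonce="..." continues the previous one.
_CHALLENGE = re.compile(rf"\s*({_TOKEN})(?:\s+.*)?", re.S)


def split_outside_quotes(value):
    """Split a header value on commas that are not inside a quoted string."""
    parts, buf, quoted, escaped = [], [], False, False
    for ch in value:
        if escaped:
            escaped = False
        elif quoted and ch == "\\":
            escaped = True
        elif ch == '"':
            quoted = not quoted
        elif ch == "," and not quoted:
            parts.append("".join(buf))
            buf = []
            continue
        buf.append(ch)
    parts.append("".join(buf))
    return parts


def offered_schemes(values):
    """List the auth schemes offered across *-Authenticate header values."""
    schemes = []
    for value in values:
        for part in split_outside_quotes(value):
            m = _CHALLENGE.fullmatch(part)
            if m:
                schemes.append(m.group(1))
    return schemes


def parse_head(raw):
    """Return (status_code, headers) from a raw HTTP response head."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1").split("\r\n")
    m = re.match(r"HTTP/\d\.\d (\d{3})", lines[0])
    if not m:
        raise ValueError(f"not an HTTP status line: {lines[0]!r}")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return int(m.group(1)), headers


def classify_challenge(raw, over_tls):
    """Say who is challenging (401 vs 407) and flag inconsistent or risky replies."""
    status, headers = parse_head(raw)
    www = offered_schemes(headers.get("www-authenticate", []))
    proxy = offered_schemes(headers.get("proxy-authenticate", []))
    notes = []
    if status == 401:
        challenger, schemes = "web server or reverse proxy", www
        if not www:
            notes.append("401 without WWW-Authenticate header")
    elif status == 407:
        challenger, schemes = "forward proxy", proxy
        if not proxy:
            notes.append("407 without Proxy-Authenticate header")
    else:
        challenger, schemes = None, []
    if not over_tls and any(s.lower() == "basic" for s in schemes):
        notes.append("Basic credentials would be sent in clear text")
    return {"status": status, "challenger": challenger,
            "schemes": schemes, "notes": notes}


# Constructed sample responses (not captured from any real system).
REVERSE_PROXY_401 = (
    b"HTTP/1.1 401 Unauthorized\r\n"
    b'WWW-Authenticate: Negotiate, Basic realm="intranet, staff"\r\n'
    b"Content-Length: 0\r\n\r\n"
)
FORWARD_PROXY_407 = (
    b"HTTP/1.1 407 Proxy Authentication Required\r\n"
    b'Proxy-Authenticate: Digest realm="egress", nonce="Y29uc3RydWN0ZWQ=", qop="auth"\r\n'
    b"Content-Length: 0\r\n\r\n"
)

if __name__ == "__main__":
    print(classify_challenge(REVERSE_PROXY_401, over_tls=False))
    print(classify_challenge(FORWARD_PROXY_407, over_tls=True))
```

A client answers a 401 with an `Authorization` header and a 407 with `Proxy-Authorization`, so the status code also tells you which request header to look for in a capture.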

 

Uses of Reverse Proxy Servers

There are actually quite a lot of reverse proxy servers in use throughout large corporate networks, serving a variety of purposes. However, there are two distinct roles for which they are commonly used:

  • replicating content to geographically dispersed areas
  • replicating content for load balancing

It’s a function that is not always considered for proxies; however, content distribution is a logical function for any proxy server. In fact, a reverse proxy server can even be used to establish multiple replica servers of a single master in diverse locations. Take, for example, a multinational company with offices in countries all over the world.

It would be difficult for a single server holding company-wide data like templates, policies and procedures to serve the entire company, yet it is imperative that the integrity of any ‘copy’ is maintained. The reverse proxies could be set up in each branch with a slightly different address, perhaps including the location in the name. These reverse proxies would pull their data from the master, ensuring they were all identical.

This is quite an efficient use of the proxy in reducing bandwidth requirements across the network. However, the reverse proxies must be configured to pull changes from the master very frequently in order to ensure any changes are replicated quickly. In fact, it would usually be safer for the master server to push changes to the reverse proxies in order to ensure this.

The configuration can be completed by updating specific DNS entries in each zone. This would mean that you could resolve www.master.com from all of the physical locations, that is, resolve london.master.com to point at the master server instead.

As mentioned, the main issue is ensuring that changes are replicated efficiently and accurately. In fact, replication is perhaps a little too advanced a term, as really the proxies are merely caching information and updating it. So when the master server has some modification to its content, it would push out the changes to any of the proxies online. Messages would be sent to the UK online proxy, then to the Asian proxy and so on.

The other main use is of course load balancing for something like a heavily loaded web server. Any request received from a client will be distributed to the multiple reverse proxies by using methods like DNS round robin. This ensures that the requests are spread out evenly and that none of the reverse proxies becomes overloaded with requests. This often happened if static lists were used in rotation, as the same proxy servers would be receiving the requests too frequently.

John Severn often sneaks off work to travel somewhere hot. After all, he just needs to change his IP address to the United Kingdom and no-one will notice his emails are coming from the Costa del Sol next to a pool.

Video Proxy Site – How to Unlock the World’s Best Media

When you read about the internet, it’s usually about how it’s constantly expanding and growing, but that’s not strictly true. Although new information is being added all the time, the reality is that much of it is often inaccessible, in particular when you’re looking at video websites.

For instance, take the example of one of the world’s most popular websites, the BBC iPlayer. Even if you remove page titles, it contains thousands of programmes, videos and radio broadcasts and indeed is updated every single day. It’s a wonderful resource which is continually refreshed, yet unfortunately the site is not accessible when you are located outside the United Kingdom unless you use something like a video proxy to help you. So why is it so difficult to access these sites? Why are people who happen to be away from home, perhaps in Roubaix in France or a seaside town in Spain, constantly searching for ways to unblock video pages on YouTube and the big media sites?

It’s an incredible situation, yet one that is becoming increasingly common: the internet is becoming compartmentalised, split into geographical sectors controlled by the internet’s big players. The method used is something called geo-blocking or geo-locking, and the majority of large web sites use it to some extent. You’ll find that a particular site will remove objects based on your location; in fact, in some countries it’s almost impossible to watch videos on any of the major platforms. The method has been criticised by all sorts of civil liberty organisations. Indeed, the EU itself has criticised it because it also undermines its concept of a Single Free Market.

The technology implemented varies slightly from site to site, yet it’s basically the same: record the IP address and look up its location from a central database of addresses. So when you try to visit the BBC web site to watch a David Attenborough documentary, if your IP address isn’t registered in the UK then you’ll get blocked.

[Image: Planet Earth Documentaries on BBC iPlayer]

It’s extremely frustrating, especially for someone from the UK, and so the workarounds were created. I mentioned above the concept of a video proxy to bypass these blocks, and it does work to some extent. You bounce your connection off an intermediate proxy server based in the location you need, which effectively hides your true IP address and location and will unblock video sites easily.

However, it’s important to remember that from 2016 onwards simple proxies no longer work on any of the major media sites. Forget about the thousands of simple unblock sites or free video proxy server sites that promise to bypass internet restrictions; they simply don’t work anymore. Unfortunately, without even simple SSL-encrypted connections they can be detected easily, and all the sites block them automatically. Some of them are still able to unblock YouTube videos, but even those are fairly rare now. Many of them have been blocked at the server level, and their hosting services have told them to remove scripts like Glype. Unfortunately, the days of the free proxy sites and web proxies have now gone for good, at least for accessing video sites and the large multimedia companies who provide the top-rated video production.

However, the concept does still work just like the old video proxy method; it’s just that you’ll need a securely configured VPN server which cannot be detected. The encryption is useful, giving you the assurance of anonymity whilst allowing cookies to flow down the connection transparently too. This works in the same way, hiding your real address and instead presenting the address of the VPN server. So using this method, you can watch any media site from Hulu to Netflix and the BBC irrespective of your location. Unfortunately, most simple proxies are now blocked, so even the best free proxy sites are useless for accessing media sites like these.

Here’s one in action using a proxy to watch video content from the BBC –


It’s a highly sophisticated program that will allow you to proxy video through a secure connection, and it is fast enough to allow you to watch video without buffering. It’s very easy to use to unblock video, and you’ll find it can bypass internet filters too, which are also commonly implemented. A demo version is available to test it out; it won’t function as a YouTube proxy unfortunately, but you can at least use the free version to unblock Facebook. The main program works on PCs and laptops, but unlike simple unblock proxy sites you can use it as a mobile video proxy by establishing a VPN connection on your smartphone or tablet; it’s relatively simple to do. Check out a video of it in action switching IP addresses online on this page.

There is one other method I should mention, which you can find discussed in this article here. It’s called Smart DNS and is a simpler alternative to using a VPN service. If you want to scale things up you’re going to need access to a bigger network, and it’s worth reading this article about residential proxies as a start.

It’s what literally millions of people around the world are doing right now, relaxing in the sun whilst watching the news on the BBC or their favourite US entertainment channel. There are a lot of these services available now, but only a few that work properly. Our recommendation doesn’t look like a TV-watching VPN at first glance, simply because they keep that functionality low key. For proxy video streaming, speed is essential and that should be the first thing you assess. This one has been working for over a decade and has supported all the major media channels in a variety of countries.

It’s called Identity Cloaker – You can try their 10 day trial here – Identity Cloaker

Buy US Proxy with Transparent Proxying

When we are discussing the technological characteristics of proxies there’s one term which you will see used very often: ‘transparent’. It can actually be used in two distinct ways when it comes to proxies. The first refers to a definition under which transparent proxying ensures that a user will see no difference in the response to the original request, whether it goes direct to the server or through a proxy. In an ideal world, pretty much all legitimate proxies would be considered ‘transparent’.

Proxies are, however, significantly more advanced than in the early years when this original definition was created. The term ‘transparent proxying’ now has much more meaning. The extended definition means that transparent proxying ensures that the client software is not aware of the existence of the proxy server in the communication stream. This is unusual because the client was usually configured to use a proxy, perhaps by the internet settings in its browser configuration. Software would then make a decision in its requests and perhaps distinguish between proxy and direct requests.

When transparent proxying, in its modern context, is used, it is the router, not the client, that is programmed to redirect the request through the proxy. This means that the proxy can actually be used to intercept and control all HTTP requests that are carried by outbound connections. The request can be parsed, or perhaps even filtered and redirected. This control allows the network to configure access control rules on all outbound requests. A company could use these to ensure unsuitable requests, e.g. to illegal web sites, are not being made from a corporate network.

This level of transparent proxying leaves the client completely unaware of the existence of an intermediate proxy server. There are some caveats though, and the proxy can be detected in certain circumstances. For example, there is little point in investing in a USA proxy if the server only supports HTTP/1.1, because the protocol makes no allowance for transparency in proxying information.

One of the main issues, and indeed worries, is that allowing completely transparent proxying might cause other issues, particularly in client-side applications. For example, one of the fundamentals of using proxies in a corporate network is to reduce traffic by caching locally. This could cause all sorts of problems if the behaviour of the proxy cache affects communication between the destination server and the client application.

Further Reading – http://www.changeipaddress.net/us-ip-address-for-netflix/

Optimizing Proxies – Protocol Performance

The importance of the data transport protocol is of course crucial to a global information network like the world wide web.  Unfortunately the HTTP/1.0 protocol has some inherent issues which are directly related to performance which have been largely addressed in version 1.1 of the protocol.  It is expected that future developments will further improve the performance of the protocol.

One issue is related to the three-way handshake that is required by TCP before it can establish the connection. It is important to remember that during this handshake phase no application data is transferred at all. From the user perspective the delay will simply appear as latency in getting the initial connection established. This three-way handshake involves a considerable overhead preceding data transfer and has a noticeable effect on performance, particularly in busy networks.

This problem is made worse by using the HTTP 1.0 protocol which makes extensive use of new connections.  In fact every new request requires a new TCP connection to be established, complete with a new three way handshake.  This was originally implemented as a measure to boost performance because it was thought that it would avoid long lived idle connections being left dormant.  The reasoning was that it was more efficient to establish new connections when required as the data burst would be small and frequent.

However, the web has not developed like this and it is much more than a series of short HTML files quickly downloaded. Instead the web is full of large documents and pages embedded with videos and images. Add to that the multitude of applets, code and other embedded objects and this soon adds up. What’s more, each of these objects usually has its own URL and so requires a separate HTTP request. Even if you invest in a high quality US proxy you’ll find some impact on speed using HTTP 1.0, simply due to the huge number of connection requests it generates.

There were modifications made to increase the perceived performance from the user perspective.  For one, the use of multiple simultaneous connections was allowed and this would allow client software like browsers to download and render multiple components on a page.  This meant that the user wasn’t left waiting as individual components were loaded separately.  However although parallel connections increase performance on an individual level, they generally have a very negative impact on the network as a whole.   The process is still inefficient and allowing parallel connections does little to mitigate this situation.

As any network administrator knows, focussing on a single aspect of network performance is rarely a good idea and will almost never improve overall network performance. The persistent connection feature was introduced to help solve this; it was added as a non-standard extension to HTTP 1.0 and included by default with HTTP 1.1.
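The effect of persistent connections can be measured directly by counting how many TCP connections a server accepts for the same set of requests. This Python is an added example, not code from the original page; it starts a throwaway server on the loopback interface, and the class and function names are illustrative.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer


class CountingServer(ThreadingHTTPServer):
    """Loopback HTTP server that counts accepted TCP connections."""

    def __init__(self, address, handler):
        super().__init__(address, handler)
        self.accepted = 0

    def get_request(self):
        # Called once per accept(), i.e. once per completed three-way handshake.
        request = super().get_request()
        self.accepted += 1
        return request


def make_handler(protocol):
    """Build a handler class that speaks the given HTTP version."""

    class Handler(BaseHTTPRequestHandler):
        # "HTTP/1.0" closes the connection after every response;
        # "HTTP/1.1" keeps it open for further requests.
        protocol_version = protocol

        def do_GET(self):
            body = b"x" * 64  # stand-in for one embedded object
            self.send_response(200)
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)

        def log_message(self, *args):
            pass  # keep the demonstration quiet

    return Handler


def connections_needed(n_objects, server_protocol):
    """Fetch n_objects URLs and return how many TCP connections that took."""
    server = CountingServer(("127.0.0.1", 0), make_handler(server_protocol))
    thread = threading.Thread(target=server.serve_forever, daemon=True)
    thread.start()
    host, port = server.server_address
    client = http.client.HTTPConnection(host, port, timeout=5)
    try:
        for i in range(n_objects):
            # http.client reopens the socket itself if the server closed it.
            client.request("GET", f"/object{i}")
            client.getresponse().read()
    finally:
        client.close()
        server.shutdown()
        server.server_close()
    return server.accepted


if __name__ == "__main__":
    for version in ("HTTP/1.0", "HTTP/1.1"):
        print(version, "connections for 20 objects:",
              connections_needed(20, version))
```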

Further Reading: Proxies Blocked by BBC Abroad

Remote Login Methods

The ability to remotely login to a machine that’s miles away from you is perhaps one of the internet’s most popular applications.  It might not seem so, but being able to access a remote host without a hard wire connection has transformed many areas of IT particularly in support and development.   Obviously you need an account on the host that you are trying to login to, but actually using the machine as if you are at the console is extremely useful in many situations.

Two of the most famous applications for remote login access when using a TCP/IP based network (e.g. the internet) are Telnet and Rlogin. The most famous, and probably used by every IT support technician over the age of 25, is Telnet, installed as standard in almost every TCP/IP implementation. It seems relatively simple, but this actually hides some great functionality, not least the ability to Telnet from one operating system to another. It’s incredibly useful to be able to sit at a Microsoft Windows machine with multiple command interfaces open in separate windows to Unix and Linux machines at the same time.

Remember, using these terminal windows is just like physically sitting at the remote host’s console. This is completely different from just using a web session or streaming something like RAI player abroad. Each individual character that you type is entered into the remote host; there’s no streaming, no relaying or filtering. Obviously there are some restrictions on running a terminal window on a completely different system. However, Telnet performs an option negotiation phase between the client and server to ensure that only services which are supported at both ends are available.
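The option negotiation phase is visible on the wire as three-byte commands mixed into the character stream. The Python below is an added example, not code from the original page: it separates those commands from the typed text and builds the client's replies, refusing anything the client does not support. The captured bytes and the set of supported options are constructed.

```python
# Telnet command bytes and a few well-known option codes.
IAC, DONT, DO, WONT, WILL, SB, SE = 255, 254, 253, 252, 251, 250, 240
VERBS = {WILL: "WILL", WONT: "WONT", DO: "DO", DONT: "DONT"}
OPTIONS = {1: "ECHO", 3: "SUPPRESS-GO-AHEAD", 24: "TERMINAL-TYPE",
           31: "WINDOW-SIZE", 34: "LINEMODE"}


def parse_stream(data):
    """Split a Telnet byte stream into negotiation events and plain text."""
    events, text, i = [], bytearray(), 0
    while i < len(data):
        if data[i] != IAC:
            text.append(data[i])
            i += 1
            continue
        if i + 1 >= len(data):
            break                      # capture ends in the middle of a command
        cmd = data[i + 1]
        if cmd == IAC:                 # IAC IAC is an escaped 0xFF data byte
            text.append(IAC)
            i += 2
        elif cmd in VERBS:
            if i + 2 >= len(data):
                break                  # option byte missing from the capture
            events.append((VERBS[cmd], data[i + 2]))
            i += 3
        elif cmd == SB:                # subnegotiation runs until IAC SE
            j = i + 2
            while j + 1 < len(data) and not (data[j] == IAC and data[j + 1] == SE):
                j += 2 if data[j] == IAC else 1
            if j + 1 >= len(data):
                break                  # unterminated subnegotiation
            events.append(("SB", data[i + 2]))
            i = j + 2
        else:
            i += 2                     # two-byte commands such as NOP or GA
    return events, bytes(text)


def client_replies(events, supported):
    """Answer each initial request: agree only to options the client supports.

    This covers the first exchange only; a full client also tracks per-option
    state so that it never answers an acknowledgement.
    """
    out = bytearray()
    for verb, opt in events:
        if verb == "DO":               # server asks the client to enable opt
            out += bytes([IAC, WILL if opt in supported else WONT, opt])
        elif verb == "WILL":           # server offers to enable opt itself
            out += bytes([IAC, DO if opt in supported else DONT, opt])
    return bytes(out)


def describe(events):
    """Render events with option names for reading a capture."""
    return [f"{verb} {OPTIONS.get(opt, opt)}" for verb, opt in events]


# Constructed capture: what a server might send when a session opens.
SERVER_BYTES = bytes([IAC, DO, 24, IAC, WILL, 1, IAC, WILL, 3, IAC, DO, 34]) + b"login: "
CLIENT_SUPPORTS = {1, 3, 24}           # constructed: this client has no LINEMODE

if __name__ == "__main__":
    events, text = parse_stream(SERVER_BYTES)
    print(describe(events))
    print("plain text on the wire:", text)
    print(describe(parse_stream(client_replies(events, CLIENT_SUPPORTS))[0]))
```

Everything outside the negotiation commands, including the login prompt and whatever is typed after it, travels as readable bytes, which is why the parser can return it as plain text.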

The other famous remote login application is called Rlogin which was developed from Berkeley Unix.   This application was initially only available on Unix Systems however it has been ported to most other operating systems now and you can Rlogin between Windows and Linux.  Both of these applications use the Client/Server configuration – the client is the system where the initial connection is established to the remote server which is the target.

Nowadays, the most popular of the two applications, Telnet, has become much more sophisticated. Over the years lots of functionality has been added to Telnet, whereas Rlogin remains quite simple and unmodified. However, it should be noted that although Rlogin lacks features, it is a simple and stable remote access application.

The author – John Herrington has worked in IT for over thirty years in a variety of roles from support to latterly Network manager at a large bank.   He now works for himself and runs one of the largest paid VPN services on the West Coast of America. He obviously works remotely a lot of the time but will rarely use Telnet as it’s too insecure!

Tracking VPN and Proxy Users

There are similar challenges for network administrators in corporate networks and those running firewalls for authoritarian regimes about the use of proxies and VPN services.  The issue is that not only do they allow individuals the freedom to conduct their internet activity without being tracked, a VPN will also prevent most aspects of logging taking place too.

If you imagine a company network, it means that an individual could potentially conduct all sorts of behaviour from a company computer whilst sitting in a corporate office at work. They could be downloading films, streaming Netflix or perhaps something much more sinister. Obviously this is potentially a risk both to the network infrastructure and to the company’s reputation.

So how do you block the use of VPNs and proxies?  For a corporate network there are actually many more options, and the simplest is probably to stop any sort of VPN and proxy being used in the first place.   You can lock down the advanced settings in a web browser quite simply, for example the Internet Explorer Administration Kit (IEAK) allows you to configure and deploy an IE package which cannot be modified onto every client in your organisation.  This stops proxies being used manually and VPN clients can be blocked by ensuring that  standard users have no administrative access to their desktops.

It is certainly easier to block any installation than to try to track the use of VPNs, particularly some of the most sophisticated ones. For example, although you could potentially monitor logs in firewalls and routers for specific IP addresses which look like VPNs, some services allow you to switch to a range of IP addresses – Hide My VPN, like the one in this video, demonstrates:

As you can see, if a service is rotated then identifying the VPN by its IP address is much more difficult. However, blocking installation of the highlighted service, Identity Cloaker, can also be difficult as it has a mobile version which can be run directly from a USB disk.

You can see that proxies are fairly irrelevant today as they can be easily blocked, and most content filters can detect their use too. Significantly, their use has now dropped globally for additional reasons, mainly that they are mostly detected by websites which operate regional restrictions. It is the more sophisticated virtual private networks which are the difficulty, particularly those equipped with various VPN hider technologies and advanced encryption.

VPN Blocking on the Rise

For years people have used VPNs for all sorts of reasons, but their origin lies quite simply in the security they provide. International companies will normally insist that their employees use VPN services when remotely connecting back to their servers using the internet. It makes sense; otherwise important information and credentials would be trusted to the owners of coffee shop wifi or the administrator of your local Premier Lodge or hotel chain.

The concept is simple, create an encrypted tunnel which ensures that all the data which normally is passed in clear text instead is encrypted and unreadable.  Of course, this security means that as well as being safe from computer criminals and identity thieves – it’s also secure from intelligence services and state controlled snoopers too.  It should come as no surprise that anyone who opposes free speech generally hates VPNs and the protection that they give.

So when we hear stories about different organisations and companies, from Netflix to the Chinese Government, trying to block VPNs, what are they doing? Well, it depends: obviously the situation that leads to thousands of BBC iPlayer VPNs not working is going to be slightly different to the Chinese throwing billions at the Great Firewall of China. However, the general techniques are basically the same, as a small company wants to achieve the same thing.

One of the most common options is to block the ports used by these services. Most VPN tunnelling protocols operate on standard ports, e.g. PPTP or L2TP. They need to establish these connections to transfer and receive data; without them the service won’t function. Other methods include identifying and blocking specific IP addresses or ranges which are being used by VPN services. It is these two methods that are mostly used by the big media companies like Hulu and the BBC.
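Both methods, matching standard VPN ports and matching listed address ranges, can be applied to outbound firewall logs, which is also the log monitoring mentioned under "Tracking VPN and Proxy Users". The Python below is an added example, not code from the original page: the log format, the addresses (documentation ranges) and the listed range are constructed, and the IKE, NAT traversal and OpenVPN ports go beyond the PPTP and L2TP named in the text.

```python
import ipaddress
import re
from collections import Counter

# Standard ports of common VPN tunnelling protocols. PPTP and L2TP are the two
# the article names; the IPsec and OpenVPN entries are added for coverage.
VPN_PORTS = {
    ("tcp", 1723): "PPTP control channel",
    ("udp", 1701): "L2TP",
    ("udp", 500): "IKE (IPsec key exchange)",
    ("udp", 4500): "IPsec NAT traversal",
    ("udp", 1194): "OpenVPN default",
    ("tcp", 1194): "OpenVPN default",
}

# Constructed stand-in for a maintained list of VPN provider address ranges.
VPN_RANGES = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed log format: timestamp, action, direction, then key=value fields.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>\w+) OUT src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"proto=(?P<proto>\w+) dport=(?P<dport>\d+)$"
)

SAMPLE_LOG = """
2024-05-01T09:14:02Z ALLOW OUT src=10.20.1.15 dst=198.51.100.7 proto=TCP dport=1723
2024-05-01T09:14:05Z ALLOW OUT src=10.20.1.22 dst=192.0.2.80 proto=TCP dport=443
2024-05-01T09:15:40Z ALLOW OUT src=10.20.1.31 dst=198.51.100.9 proto=UDP dport=1701
2024-05-01T09:16:11Z ALLOW OUT src=10.20.1.15 dst=203.0.113.44 proto=TCP dport=443
2024-05-01T09:17:30Z ALLOW OUT src=10.20.1.40 dst=198.51.100.200 proto=TCP dport=443
garbled line that the parser should skip
"""


def reasons_for(proto, dst, dport):
    """Return the reasons, if any, why one connection looks like VPN traffic."""
    reasons = []
    label = VPN_PORTS.get((proto.lower(), dport))
    if label:
        reasons.append(f"port {dport}/{proto.lower()}: {label}")
    address = ipaddress.ip_address(dst)
    for network in VPN_RANGES:
        if address in network:
            reasons.append(f"destination in listed range {network}")
    return reasons


def find_vpn_traffic(log_text):
    """Return (source, destination, reasons) for every flagged log line."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                   # blank or malformed line
        try:
            reasons = reasons_for(m["proto"], m["dst"], int(m["dport"]))
        except ValueError:
            continue                   # dst was not a valid IP address
        if reasons:
            findings.append((m["src"], m["dst"], reasons))
    return findings


def hosts_to_review(findings):
    """Count flagged connections per internal source address."""
    return dict(Counter(src for src, _, _ in findings))


if __name__ == "__main__":
    for src, dst, reasons in find_vpn_traffic(SAMPLE_LOG):
        print(src, "->", dst, "|", "; ".join(reasons))
    print(hosts_to_review(find_vpn_traffic(SAMPLE_LOG)))
```

The connection from 10.20.1.40 to port 443 at an unlisted address is deliberately left unflagged: it stands for a tunnel moved to an alternative port and address, which neither rule catches.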

These methods can be time consuming though, and it’s possible to switch address, and some services allow you to configure alternative ports too. The Chinese Government, as you would expect, has gone one step further and uses more sophisticated techniques like deep packet inspection. These involve looking at the data itself to identify if a VPN is being used to transport it. For example, if you are unable to read any data because none of it is in clear text, then there is the likelihood that it is being encrypted. Of course, there are other methods which encrypt data, like SSL, so you need to be careful that you don’t block other traffic; it’s a risk that the Chinese would probably be happy to take, however.

Even these methods are not foolproof, and VPN companies can scramble things like the metadata to make identifying the use of a VPN even harder. It is worthwhile noting that many people in China still use VPNs routinely, and so if the huge resources available to the Chinese State can’t block their use, we should be OK to have a BBC VPN for the foreseeable future.