Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Unknown UPnP port

08 Dec 2009   #11
dj99

Windows Vista Home Premium -> Windows 7 Home Premium
 
 

Happy Birthday, Damob9k!


My System SpecsSystem Spec
.
08 Dec 2009   #12
Damob9k

Windows Seven 64bit build 7600
 
 

Cheers dj99,

On my second helping of JD now, must stop as I have to get up at 7 ... ish

Ok really need to step away from the laptop now and get some sleep !

Cheers

Damo
My System SpecsSystem Spec
08 Dec 2009   #13
logicearth

Windows 10 Pro (x64)
 
 

Quote   Quote: Originally Posted by Damob9k View Post
Browsing the web does not open any UPnP ports period! all ports relating to web browsing be it non secure http or https and ssl use port 80 and 443 and these ports are almost always open by default depending on the router in question.
I'm talking about the low level systems that UPnP and other networking protocols work on top of. Ports and other such things are part of the TCP/IP standard.

[/quote]????? How ? ....
If you open up your browser and type a HTTP address in you will connect to the end point via port 80, if you type HTTPS you will connect via 443.
The only and quite common occurrence of port switching is if you go to a web page via http, and that page requires you to use https/ssl your browser will start to communicate on that port.[/quote]

When you establish a connection to a server, you connect to port 80. However, then the server sends back a reply, it does not use port 80 on the client. The client opens an random port again in the 40000+ range. This port is what accepts the reply from the server. The client send commands to port 80, the server send commands to a random port defined by the client.

Obviously this port you are trying to close is important enough to keep open and or is required for doing the task at hand. Why else would UPnP override the firewall if you blocked it?

If you want to waste your time goose chasing a dynamic/random port that can be used by any network service then go ahead. However, it is all rather pointless if that port is completely blocked by the routers firewall from remote access (AKA., the internet.) Use shields up if you want to be sure.

Shields Up:
https://www.grc.com/x/ne.dll?bh0bkyd2
My System SpecsSystem Spec
.

09 Dec 2009   #14
Damob9k

Windows Seven 64bit build 7600
 
 

Look I am sorry logicearth,

But you are just wrong !
The low level system that you are referring to IS UDP & TPC/IP.

Quote:
When you establish a connection to a server, you connect to port 80. However, then the server sends back a reply, it does not use port 80 on the client. The client opens an random port again in the 40000+ range. This port is what accepts the reply from the server. The client send commands to port 80, the server send commands to a random port defined by the client.
Again , you are incorrect, Web browsers are designed to work on specific ports, you can change these ports for ssl, https , ftp and socks in the browser config, but only if the server you are connecting to is configured the same way.
Which ever port you set it to will be the listening port for http or https etc.
How could you configure a firewall to protect your network from attacks if the server you connect to is replying on a randon port, you couldn't !

Quote:
Obviously this port you are trying to close is important enough to keep open and or is required for doing the task at hand.
Operating systems them selves don't instigate opening of ports via UPnP, applications and devises do.
There for it is an application that is doing this, and as I have not installed any applications that use UPnP on this pc and very few applications do automatically start using UPnP (you generally have to tell them to use it) there is something odd about this, hence my investigations.

Quote:
Why else would UPnP override the firewall if you blocked it?
As I have already said... this is the basic function of UPnP. It wouldn't be very affective if it didn't create a firewall rule, and not letting the UPnP software communicate with the outside world.

Quote:
If you want to waste your time goose chasing a dynamic/random port that can be used by any network service then go ahead. However, it is all rather pointless if that port is completely blocked by the routers firewall from remote access (AKA., the internet.) Use shields up if you want to be sure.
The only thing that is wasting my time and is also pointless, is replying to these incorrect and argumentative comments.
I spend most of my working day dealing with people that think they know what they are talking about, and I am not prepared to spend my personal time doing this.
I will ask the mods to lock or delete this thread if this continues.

Damob
My System SpecsSystem Spec
09 Dec 2009   #15
kegobeer

Windows 7 Ultimate x64 SP1
 
 

Damob, have you used TCPView to see your open ports?

TCPView for Windows

It may help shed light on this odd port. Also, is there a similar port opened on your other Windows 7 computer?
My System SpecsSystem Spec
09 Dec 2009   #16
Damob9k

Windows Seven 64bit build 7600
 
 

Hi Kegobeer,

Yep have tried tpcview, current port ,openport scanner and run a full HJT scan (all latests versions)

And nothing gives any associated ip !

New development and a overall solution:

Today it has started to open port 61958 UDP instead of the previous one !
I have ran a full virus scan with nod32, and it comes up with nothing.
And have disabled the only startup apps (iMon and soundmanager) and temporarily disabled all non essential services , and after that it still opens this port

So in the interest of my sanity, I have disabled UPnP and network discovery on this PC, which solves the problem but does not explain it. Which I find very annoying, but nethermind !

Many thanks for your input my friends.

Damob

PS if I do suddenly have a brainwave and find what is doing this I will update the post so that others don't go through the same shenanigans.
My System SpecsSystem Spec
09 Dec 2009   #17
DC187

Windows 7 Ultimate x64
 
 

Have you checked the Windows Event Log for messages such as:

UPnP Action: 'AddPortMapping' from IP=x.x.x.x (Success)

If so when are these messages logged?

Since this is a clean install of Windows have you tried disabling the SSDP Service?
If not try that and see if the issue persists.

I'm wondering if this is somehow related to teredo...
My System SpecsSystem Spec
09 Dec 2009   #18
DC187

Windows 7 Ultimate x64
 
 

BTW I don't know anyone in their right mind that enables UPnP, it's such an easy technology to exploit from the internet if it's enabled on your router. Since UPnP doesn't support any authentication it almost makes it a breeze to change router configs from the internet without the need for any router logon credentials.
My System SpecsSystem Spec
09 Dec 2009   #19
logicearth

Windows 10 Pro (x64)
 
 

Quote   Quote: Originally Posted by Damob9k View Post
But you are just wrong !
The low level system that you are referring to IS UDP & TPC/IP.
Why do I have to say UDP? UDP is just a subset of TCP without the overhead of handshaking.

Quote:
Again , you are incorrect, Web browsers are designed to work on specific ports,
Server are designed to work on specific ports, not "web browsers" or other client end-points.

Quote:
Which ever port you set it to will be the listening port for http or https etc.
How could you configure a firewall to protect your network from attacks if the server you connect to is replying on a randon port, you couldn't !
When opening a connection, port A is open for outbound communication to the server. At the same time port B is open for inbound communications from the server and only the server. This is called a solicited connection and these are what make it though. (Btw, the inbound port will never be the same as the outbound port, at least not for registered serveries like HTTP. Opening port 80 for outbound will not open port 80 for inbound.) (Don't even get me started on using hardware firewalls and NAT devices.)

If you do not believe me about this then just open "netstat -an" in a command prompt, all versions of Windows have it. Or review the attachment I've uploaded.

If you have UPnP devices on your network, they are going to need an outbound port while they are in the process of talking with the UPnP server. And by the looks of it, this device uses a dynamic/random port for inbound traffic from the UPnP server (aka., your computer).


Attached Images
Unknown UPnP port-untitled.jpg 
My System SpecsSystem Spec
09 Dec 2009   #20
Damob9k

Windows Seven 64bit build 7600
 
 

@DC187

No can't find any mention of UPnP Port mappings in the event log, I tried searching for the string you mentioned and have searched manually.

With SSDP and UPnP device host services disabled it does not pop up on my router.
So at the moment this is how I have left it.

Yeah I know what your saying about UPnP being weak, but I do have good reasons to use it. And from everything that I have read up on it, it seems that the most common point of attack is via remote code execution through java and other types of browser add ins. Thankfully I have not used MS Internet Destroyer for over a decade at home, I use Opera with java, and script blocking and don't tend to click on any old thing on the web

@logicearth

Ok lets just scratch all of this and start again. As I think we are just splitting hairs here and getting far too deep into the inner workings of transport protocols.
You believe that I am wrong and I feel that some of what you have said is incorrect or misleading, however I do understand and agree with some of what you are saying.
But we could be going on ad infinitum and for no real purpose, so lets just shake hands and agree to disagree on some points

Although on your point on http connections going out on port 80 but coming back on a random port designated by the client.
As far as I understood the system or subsystem,the client sends a request on port 80 and then listens on the same port, I know of but don't fully understand the principles of RCP over TCP which I am aware uses higher range upd port numbers for running other low level services.
I am not an expert on this so will leave it at that


I also do have to admit that as I have not done much reading up on the new 7 home groups and network discovery and SSDP , I was unaware of how much this is tied into UPnP.
So I was wrong by saying Windows OS's don't use UPnP for it's own purposes, as now with Windows 7 this is the case. so hands up on that one !

As mentioned above I have now disabled SSDP and UPnP client discovery and that has stopped the offending item from making a connection, and all other functions of the OS are working correctly so it is definitely not an essential OS function.
And the 3 other programs that I have installed are all working correctly.

So basically what ever it was it is not doing it now so I am happy

Thank you all ,for all of your input.


Best Regards

Damob
My System SpecsSystem Spec
Reply

 Unknown UPnP port




Thread Tools




Similar help and support threads
Thread Forum
Unknown Port Activity - Risky?
CurrPorts lists two "listening" TCP ports on the following local ports on my laptop running Win 7. 49152 (local and remote address: o.o.o.o) 49170 (local and remote address: o.o.o.o) The Process IDs of 740 and 800 do not appear in my Task Manager under services. There is no info...
System Security
UPnP activation.
Hey there. I think I should post it here because it's a Network issue. I want to turn on the UPnP because I want to host games in MW2. So any hints how to do it? I was searching the whole morning in settings but nothing. Thanks in advance.
Network & Sharing
Opening an UPnP port on windows startup
Hello fellow 7ians Just wondered if there's a way to open 2 ports via UPnP (specifically 113 and 3389) on startup, as my silly router refuses to give my computer the same IP every time. Yes, I know I could set my IP as static locally, however, I move my computer to various locations to "share"...
Network & Sharing
uPnP does not work.
Hello folks! I got an problem with my Router or PC. I am a server hoster on a game, which requires uPnP to be on. But the problem is, uPnP does not work. I tried to put on uPnP in router and turn Network Discovery on. I can see the internet gateway but it does not work. Here's an report of...
Network & Sharing
internal USB port ěs "unknown device"
Hello I`m new here, I searched this forum for something similar to my issue but didn`t find anything. I have set up an old PC for my daughter for learning and playing reasons (older games). I couldn`t find any driver for my motherboard for windows 7, so I used vista 32bit instead. My...
Hardware & Devices
Upnp
How can i enable upnp in windows 7? i like to pair my ps3 with my media server program which i just downloaded but i need to enable upnp, the only tutorial i found was this one Turn On and Enable UPnP or Network Discovery in Windows Vista » My Digital Life but that doesn't work for 7. Any...
Network & Sharing


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 00:22.
Twitter Facebook Google+ Seven Forums iOS App Seven Forums Android App