Connection limitation of the listen port?

[junkbond]

Anyone out there can help me on this please.

I am still using Bitcomet 0.70

Set static ip in windows (192.168.1.103) and port forwarding in my router

I set my listen port to 60000

Set rules in Zonealarm for Bitcomet to get through port 60000

Everything is fine when downloading one task but when more tasks are added, BitComet starts to use other ports (randomly) other than 60000 e.g. Bitcomet attempts:

192.168.1.103:17000

192.168.1.103:17001

192.168.1.103:17002 and it just keeps going.

Then Zonealarm kicks in and flashes like firework and block all the traffic except port 60000

The only change I’ve made recently is I switch from ADSL to cable Internet connection so I increase the upload speed substantially.

Please help and many thanks

Mike Tang

[kluelos]

My first suggestion is to rid yourself of ZoneAlarm. It has a justifiably bad reputation, and there are free third-party firewalls not nearly so badly behaved. This assumes that you need a third-party firewall at all, which you really don't. The firewall built into Windows will serve most people just fine.

Your listen port is open so that other peers can initiate contact with you on that port. Thereafter, traffic moves to another, mutually agreed port. All internet applications behave this way.

ZoneAlarm assumes that you know that. Most people don't know it, so become confused and alarmed. Or they just get jaded, assume this is all supposed to happen, and just say "allow" to everything. Then when they do get infected, why, it was their own fault for allowing malware through.

Summing up, two points:

1. Nothing bad or abnormal is going on, though ZA is screaming about it.

2. Get rid of ZA, and you don't need anything but the Windows firewall, which doesn't try to ride herd on outbound traffic. That won't do you any good unless you can identify good outbound from bad, and most folk can't. So just use the Windows FW. Enable ICF and BitComet will even configure it for you, opening and closing as needed.

[Vasy]

Hi!

It is not recommended to run many tasks at once, if your upload speed is spread too wide among other tasks only the ones with slow speeds will want to connect to you.

[junkbond]

My first suggestion is to rid yourself of ZoneAlarm. It has a justifiably bad reputation, and there are free third-party firewalls not nearly so badly behaved. This assumes that you need a third-party firewall at all, which you really don't. The firewall built into Windows will serve most people just fine.

Your listen port is open so that other peers can initiate contact with you on that port. Thereafter, traffic moves to another, mutually agreed port. All internet applications behave this way.

ZoneAlarm assumes that you know that. Most people don't know it, so become confused and alarmed. Or they just get jaded, assume this is all supposed to happen, and just say "allow" to everything. Then when they do get infected, why, it was their own fault for allowing malware through.

Summing up, two points:

1. Nothing bad or abnormal is going on, though ZA is screaming about it.

2. Get rid of ZA, and you don't need anything but the Windows firewall, which doesn't try to ride herd on outbound traffic. That won't do you any good unless you can identify good outbound from bad, and most folk can't. So just use the Windows FW. Enable ICF and BitComet will even configure it for you, opening and closing as needed.

Thanks kluelos, very clear explanations.

Just in the case I need to continue using ZA for various reasons, does it solve my problem if I set a rule in ZA permitting Bitcomet to use all the TCP and UDP ports (instead of just 60000)?

Thanks for the helping hands again.

Cheers,

Mike

[greywizard]

Just in the case I need to continue using ZA for various reasons, does it solve my problem if I set a rule in ZA permitting Bitcomet to use all the TCP and UDP ports (instead of just 60000)?

Yes, it will. But I'll take a wild guess, and say that those connection attempts Zone Alarm keeps nagging you about, are outgoing connections (since you didn't clearly specify) so you'll be much better off if you just allow outgoing connections for Bitcomet on all ports and keep the incoming ones limited at your port of choice (e.g. 60000).

This way you have only one open port (for Bitcomet) not 65536.

And as a side-note, I do have to agree with kluelos that it's a pretty general consensus all over the internet security-related sites and forums that Zone Alarm is a far cry from the best choice of firewall.

Configuring and maintaining a software firewall with outbound protection, requires you to invest some time in it, and for most people, as well, to take the time to learn some basic concepts of networking in order to be able to do that. If you're one of this guys then one good and very detailed reference you can find here.

If you're not one of those guys, then as kluelos said, you're better off with the Windows firewall since since most people who use a software firewall (with outbound protection) without having a pretty good idea what they're doing, end up opening all ports to incoming connections for most applications thus winding up in a worse position than if they have stuck to the Windows firewall.

Edited September 1, 2009 by greywizard (see edit history)