
Something opens a specific port for Internet explore.

Norton has opened a port (#8080); it's called by Norton an "http-proxy". This happened all of a sudden. Is this malicious?

Replies


Re: Something opens a specific port for Internet explore.

No, a lot of programs connect to the Internet using a port 8080 http-proxy (and they do it through IE, even if you don't use IE as a browser), including Microsoft's .NET. When it does it for the first time, Norton creates a rule for it and allows it. It's normal.


Re: Something opens a specific port for Internet explore.

Thanks for your answer.

What could be the reason for the application Internet Explorer opening an 'http-proxy' port? What kind of site could I have visited that could have resulted in this opening of the port? I didn't find much when I searched for this on the Internet. I also found that it's often used by trojans.


Re: Something opens a specific port for Internet explore.

I just said why in my first post. Another program, like Microsoft's .NET application, does just that: it connects to the Internet through an http-proxy using port 8080, and it does so through IE even if you don't use IE as a browser, and it is not connected to visiting web pages.


Re: Something opens a specific port for Internet explore.

Yes, but I think if that were the case then the .NET application would have opened this port instead of Internet Explorer, so I guess this is rather something on a site that I have visited, which makes me wonder if there's something suspicious about it.

Do you have port 8080 open (under Internet Explorer)?


Re: Something opens a specific port for Internet explore.


JE wrote:

Yes, but I think if that were the case then the .NET application would have opened this port instead of Internet Explorer


No, not when it's IE that initiates the connection. It's not .NET or whatever application is starting the process that accesses the Internet, it's IE.


Re: Something opens a specific port for Internet explore.

But I have already set rules for the .NET optimization application in Norton. The opening of this port should have been made there instead of opening this port for Internet Explorer (if this issue has any connection to .NET at all). Do you have this port open?


Re: Something opens a specific port for Internet explore.

The port isn't "open" - it is just a rule allowing IE to connect this way. When it doesn't, the port isn't open.

And no, the rule should not have been for any other program than IE. Even if another program initiates the entire process, it is not that program that makes the http-proxy connection, but IE, and thus it is IE the rule will be made for. Norton does not have such an advanced HIPS that it keeps track of child processes that way.


Re: Something opens a specific port for Internet explore.

But why is this particular port decided through Internet Explorer when Norton has been granting specific rules for the .NET application?

Either way, I can't find much that ties .NET to this specific port; could you provide some sources?

Also, I accessed a site that I know uses 8080 as the port, and just when I entered the site, Norton was telling me that port 8080/http-proxy had been opened. So as I said earlier, visiting sites that use this port may also result in this Norton behavior.

I would also like to know if you have this port open, if not how come?


Re: Something opens a specific port for Internet explore.


JE wrote:

But why is this particular port decided through Internet Explorer when Norton has been granting specific rules for the .NET application?

Either way, I can't find much that ties .NET to this specific port; could you provide some sources?

Also, I accessed a site that I know uses 8080 as the port, and just when I entered the site, Norton was telling me that port 8080/http-proxy had been opened. So as I said earlier, visiting sites that use this port may also result in this Norton behavior.

I would also like to know if you have this port open, if not how come?



Hi, JE.  Some background information on why this happens:

1. By default, IE is set to discover whether a proxy is used for communications with IE.  Thus, if your ISP uses a "transparent-proxy"  - look that up on Google if you want to find out what it is - IE will use the ISP's proxy-cache rather than going directly to the website for the requested data.

2. The intent of the above is to speed up IE browsing, by preventing IE from having to go traipsing all over the Internet to get the Temporary Internet Files it requires to display webpages.  Rather than that, it gets them locally through the ISP's transparent-proxy.

3. While the above sometimes provides a performance enhancement - there is a problem if the website has updated something on its site and the transparent-proxy is out-of-date and returns old-data in the transparent-proxy instead.

4. You fix the above by going to the Internet Explorer "Tools/Internet Options/Connections" dialog and clicking on the "LAN Settings" box.  Remove the checkmark in the box labeled "Automatically Detect Settings".  OK your way back to IE.  Close IE.  Reopen IE.  Go back to the autodetect dialog and confirm the checkmark is gone and has stayed gone.  Browse with IE.  In many cases, you will now find that IE is faster, not slower, because you are using the ISP's transparent-proxy as designed - where the proxy is automatically updated by the ISP in the background whenever a website publishes updated info.

Now, to detail your problem:

1. If you ran (note past tense) IE with "Automatically Detect Settings" enabled - NIS properly-and-correctly detected you were running through an http-proxy.  As a result, it set an exception in the firewall ruleset to permit that proxy to be used for communication between IE and "the outside world".

2. Even if you disable the automatic proxy detection as detailed in the previous section of this post - NIS will remember that you used an http-proxy in the past - and the items in the NIS firewall ruleset will reflect that fact.

3. You can experiment with the above by deleting your IE ruleset in the full NIS firewall ruleset, shutting down and restarting your machine, and allowing the IE ruleset to be automatically recreated by the NIS auto-discovery process the next time you start IE after rebooting the machine.  Since you are no longer using an autodetected proxy (because you have that "feature" disabled in IE), NIS should not need to create an http-proxy entry for IE.  Your IE entry in the NIS firewall ruleset may reflect that.

Note: NIS autofills the rulesets for many applications based on the things an application can do - rather than what it is actually doing.  This prevents stupid errors like not-being-able-to-connect-after-the-fact, when changes are made to the way a program works.

This full-featureset-autofill for ruleset-creation is especially useful for Network Printer setups - where the Printer may "talk back" to the Printer Monitor Software in your System Tray using TCP/IP.  Under normal conditions - without NIS intelligent-firewall-configuration - that communication would be blocked by default - because it was coming from "outside".  However, in that situation you want the communication to occur - so the Printer Monitor Software can tell you the toner is low, the paper is low, you have the wrong tray in the printer, the paper is jammed, or you've fiddled with something in the printer and you forgot to close the cover.

The best demonstration of the usefulness of ruleset-autofill occurs when you use a Multi-Function-Printer with an onboard Page Scanner.  Without intelligent-ruleset-autofill - when you try to Scan from the Printer and have it send that info back to your desktop using TCP/IP - the scan will fail because it started from "outside".  You are scratching your head - because you've installed and configured "by the book" - yet your Scans don't work.

With ruleset-autofill, NIS will "see" that you've got a Multi-Function-Printer, it "knows" that MFP has Scanner capability, and NIS will auto-adjust the firewall ruleset to allow for incoming/outgoing data from/to the TCP/IP ports used by the Scanner.  All is now sweetness-and-light-in-the-world.

No headscratching, thrashing about, or swearing-such-that-the-room-is-filled-with-blue-fog is required. 

Final conclusion in regards to your situation:

NIS is doing its job.  It ain't broke, don't fix it.
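
The distinction made in the replies above, between a firewall rule that lets IE connect out to an http-proxy on port 8080 and a port that is actually open on the machine, can be checked from `netstat -ano` output. The following is an added example, not part of the original thread; the sample output, addresses and PIDs in it are constructed.

```python
import sys
from collections import namedtuple

Conn = namedtuple("Conn", "local_port remote_port state pid")

# Constructed sample of Windows `netstat -ano` output; addresses and PIDs are made up.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1044
  TCP    192.168.1.20:49712     203.0.113.10:8080      ESTABLISHED     5120
  TCP    192.168.1.20:49713     203.0.113.10:8080      TIME_WAIT       0
  TCP    192.168.1.20:49720     198.51.100.7:443       ESTABLISHED     5120
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    2040
"""


def _port(endpoint):
    """Port of '1.2.3.4:80' or '[::1]:80'; None for wildcards such as '*:*'."""
    tail = endpoint.rsplit(":", 1)[-1]
    return int(tail) if tail.isdigit() else None


def parse_netstat(text):
    """Return the TCP rows of `netstat -ano` output (UDP rows have no state)."""
    conns = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[4].isdigit():
            conns.append(Conn(_port(f[1]), _port(f[2]), f[3], int(f[4])))
    return conns


def classify(conns, port=8080):
    """Separate sockets listening on `port` from outbound connections to it."""
    listening = [c for c in conns if c.state == "LISTENING" and c.local_port == port]
    outbound = [c for c in conns if c.state != "LISTENING" and c.remote_port == port]
    return listening, outbound


if __name__ == "__main__":
    # Pipe real output in (netstat -ano | python this_file.py) or run as-is on SAMPLE.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    listening, outbound = classify(parse_netstat(text))
    print("listening on 8080 (port really is open):", [c.pid for c in listening])
    for c in outbound:
        print(f"outbound to remote 8080: PID {c.pid}, state {c.state}")
```

A PID reported here can be matched to a program name with `tasklist /FI "PID eq <pid>"`.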
