# How to block the BitComet port?



## hong1101 (May 19, 2006)

Hi, I am using a ZTE ZXDSL 831.
I have logged in to 192.168.1.1 and set the firewall to block ports 6881-7999 (common BitComet ports) for TCP, but it seems that it cannot block it and it is still downloading. Thanks for any help!!


----------



## SepiasSoul (Jan 9, 2005)

BitComet searches for any available ports. 6881-7999 are just the most common ports it uses. If those ports are busy or blocked then it will just move to another port range. Why are you trying to block the ports and not just turn BitComet off?


----------



## TheZeDD (Jul 2, 2002)

Here:

http://www.majorgeeks.com/download.php?det=682

Download and install ActivePorts 1.4, then (before loading BitComet) open it up and make note of the current running ports. To make it easier, click the tab to sort local ports.

Then open Comet and note its ports. Then use your means to block those ports.

I am curious, are you running this program or is someone else you are trying to deny access? This program is intended to run on the computer you wish to investigate. It won't work remotely or investigate your router.

Are you blocking both inbound/outbound ports TCP/UDP? I don't see how you're able to connect by denying those specific ports unless it's using another slew either defaulted or modified. *Shrug* never used Comet, but the above should help guide you.

You were a little vague on your opening info. Are you looking to block the program entirely or are you looking to block other people from downloading material from you?

I don't see why you would even bother loading the program just to block it. Unless you're not being open

KUP!

Z


----------



## hong1101 (May 19, 2006)

Haha, sorry that my opening info was vague. I am looking to block the program entirely for everyone on a network. I do not want to let other network users notice that I have blocked them, so I intend to find a way that can block the BitComet program from uploading and downloading.

I was blocking both inbound/outbound TCP ports.


----------



## SepiasSoul (Jan 9, 2005)

I don't know of a way to block it program specific like you would need to do, since BC will use any open ports, you would have to block them all, which would disable anyone from using the net. You could also just log into the router and deny them a connection all together. But without actually getting on their computers, I think you may be outta luck.


----------



## TheZeDD (Jul 2, 2002)

Sepia, that's not true. Not entirely, depending on how BC works and with what ports.

Hong, what you need to do is as I had stated previously:

- Nab the AP proggy and install it on a station. 

- Record what ports are in use.

- Open and close BC a couple times and note what ports it is trying to use. Pause for a couple minutes in between and watch the ports actually close in AP that BC was trying to connect with.

- Do this on a couple stations. You should find a common denominator!

Also, open up BC and look thru the configuration options. You should find an area that may (or may not, but should) give you an option to use predefined ports. You should see that you can change these ports! 

If this option exists, then all a user has to do to work around your blocked ports is reconfigure these ports, unless you block a large set and hope they give up before finding the ones not blocked or still supported by BC and its network/clients! If you cannot find anything listed in the help files (if included) you're shooting blanks for the most part. Sooo...

A better option would be to search for a site that has info on what ports are needed to be used with BC or are supported by BC. Search for a BC support site, or even a p2p (that's Peer 2 Peer) file share/client support site. I think you will achieve better results that way if this makes no sense. I am surprised no one else has commented. I know there are plenty of P2P users around here 

More so you're looking for the port that is used to initially connect with and hope it's a common denominator. If not, then you need to find the common slew of ports that again is hopefully a common denominator for downloading and outside of the realm that is a standard port (kind of what Sep was referring to) for other applications.

If you can block a set of ports either for connecting or the download/uploading, this will hamper ANY attempts even if a connection is successful!

Never used Bit myself so I can only give the general direction to use which is what you would normally do in ANY case such as this without any additional info.

If you can post some info about the ports used or some config options, I or someone else should be able to direct you or at least give some additional info.

GL! Keep Us Posted!

Z
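
The before/after port comparison described in the post above, sketched in Python as an added example (not part of the original thread): it diffs constructed `netstat -an`-style snapshots per station and intersects the newly opened listening endpoints. The station names, snapshot text and helper names are assumptions; the last case shows a station with a reconfigured client leaving no common port to block.

```python
import re

# One row of Windows `netstat -an` output: protocol, local address, remote address, state.
ROW = re.compile(r"^\s*(TCP|UDP)\s+\S+:(\d+)\s+\S+(?:\s+(\S+))?\s*$")

def parse_snapshot(text):
    """Return {(proto, local_port)} for TCP listeners and bound UDP sockets."""
    ports = set()
    for line in text.splitlines():
        m = ROW.match(line)
        if m and (m.group(1) == "UDP" or m.group(3) == "LISTENING"):
            ports.add((m.group(1), int(m.group(2))))
    return ports

def opened_by_app(before, after):
    """Endpoints present only after the application was started."""
    return parse_snapshot(after) - parse_snapshot(before)

def common_ports(stations):
    """Intersect the newly opened endpoints across every station's before/after pair."""
    deltas = [opened_by_app(b, a) for b, a in stations.values()]
    return set.intersection(*deltas) if deltas else set()

# Constructed snapshots (hypothetical, not captured from real machines).
BASE = """  TCP    0.0.0.0:135      0.0.0.0:0        LISTENING
  TCP    0.0.0.0:445      0.0.0.0:0        LISTENING
  UDP    0.0.0.0:137      *:*
"""
DEFAULT_CLIENT = BASE + """  TCP    0.0.0.0:6881     0.0.0.0:0        LISTENING
  UDP    0.0.0.0:6881     *:*
  TCP    192.168.1.10:1052  203.0.113.7:51413  ESTABLISHED
"""
RECONFIGURED_CLIENT = BASE + """  TCP    0.0.0.0:23456    0.0.0.0:0        LISTENING
  UDP    0.0.0.0:23456    *:*
"""

STATIONS = {"pc-a": (BASE, DEFAULT_CLIENT), "pc-b": (BASE, DEFAULT_CLIENT)}
# A station where the user changed the listen port leaves no common denominator.
MIXED = {**STATIONS, "pc-c": (BASE, RECONFIGURED_CLIENT)}

if __name__ == "__main__":
    print("common:", sorted(common_ports(STATIONS)))
    print("with reconfigured station:", sorted(common_ports(MIXED)))
```
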


----------



## Couriant (Mar 26, 2002)

hong1101 said:


> Hi, I am using a ZTE ZXDSL 831.
> I have logged in to 192.168.1.1 and set the firewall to block ports 6881-7999 (common BitComet ports) for TCP, but it seems that it cannot block it and it is still downloading. Thanks for any help!!


ignore previous statement 

Well, you can use group policy to stop them running setup files. Then uninstall the programs. If they try to install it again, then they will be blocked.


----------



## hewee (Oct 26, 2001)

If you have Zone Alarm then read this and try it out.

I got this from someone I know.



> A friend at another forum I frequent wrote these tips for me to help me
> increase the security of my ZoneAlarm Pro firewall, and so I am thinking
> that some of you guys might find it useful as it turns the humble
> ZoneAlarm Pro into a force to be reckoned with. Actually, I think it was
> ...


----------



## SepiasSoul (Jan 9, 2005)

BitComet's default ports are 6000+ if I remember right. I use BitTorrent myself. You can predefine the port at which it starts scanning, but you can't tell it to only use range X to Y as far as I know. I have heard of some routers that will allow for a percentage of bandwidth that you can give access to for each computer on the network. If you're annoyed at the amount of bandwidth they are taking up, doing this could solve the problem. You could restrict them to something like 10% of the overall bandwidth, leaving the other 90 for you. I'm not sure what routers, if any, allow for this, nor how to do it, it's just something I have heard about and may be a good solution since you're wanting to take the stealth approach from what I understand. Maybe someone else knows something about it.


----------



## JohnWill (Oct 19, 2002)

Linksys has a SOHO 8 port router with QOS capability, just limit their bandwidth.


----------



## SepiasSoul (Jan 9, 2005)

I knew that there was one out there, just didn't want to sound like an idiot if I was wrong.


----------



## TheZeDD (Jul 2, 2002)

Hewee, I would double check with a current version of ZA on your port options. I think you may have trouble with your port definition list with any good firewall! Tho your port options are good (actually too good) with a good firewall and you're going to have a lot of trouble communicating with a network or Internet comms unless your firewall allows you to override the port blocks using the double dummy control option. If so, your firewall is worthless! Or at least your configuration. Either way.

If you're looking for added security, here's a good option, regardless what some might have you think, check GRC for those who may differ... Unless you are running some sort of service that absolutely requires NetBIOS, disable it and install NetBeui! With XP you can use any XP CD, they're all the same, check/search Netbeui in the ValueADD folder, instructions are with it. BUT, on XP, once you copy the two files over from the CD, REBOOT! Then tick the box in the network properties and reboot again.

I don't give a rat what MS says on their site about how to install it. They also say NetBeui is no longer supported for XP, yet they say the same for 2003, then they say you can use the XP CD to install NB on 2003 *rolls eyes*

Ya know, I never thought about it, but most of your PRO firewalls give you a password option. Set it! And take away admin/install rights !?

For ZA (or any Firewall/Router) you're going to need these ports (for most average and above average users):

You can block anything TCP/UDP (and should) under 1024 (1-1023) EXCEPT as noted:

You need inbound/outbound UDP 53, it's your DNS support for looking up websites. Unless you want to deny users this access, do NOT block it.

Optional in/out port TCP 20/21 FTP access (not UDP!).

TCP 443 OUTbound only, Secure Web Connections.

TCP ports 25/110 for POP3 access to email.

Now this may differ depending on if its at a firewall on a computer or a router attached to a DSL/CABLE modem. Also, if you have a combination ROUTER/MODEM (all in one).

You can block outbound 80 TCP but you cannot block inbound 80:

- at a stand-alone router's WAN if the modem is ahead of it.
- at a computer attached directly to an external DSL/Cable modem.

You can try with these two and see if your setup works or squeaks about it. Usually an external modem communicates HTTP service to its client via 80 TCP. NOT the router to the client unless you have some goofy router.

Deny incoming/outgoing 1900 TCP/UDP from the web where possible!! It's possible at all times on a router's WAN port. In fact, you could just deny 1-1900 UDP except for UDP 53! You may not be able to block 1900 on a computer, it's for internal networking access.

Now, depending on whether or not you rebind your network protocols you're also going to need (on the internal network ONLY) ports 130-139 and 445. If you unbind and disable spitbios you should only need 135 TCP and/or 1900 UDP!

You will also need various TCP/UDP ports above 1024 for various applications, messengers, games etc. If you use the previous user's settings/port options you're going to have issues.

ICMP can also be blocked if chosen but you will not be able to perform Trace Routes or Ping external sources. If that's fine by you it can help to secure your network and it is UNneeded anyways for general usage!

Netbeui is an unroutable protocol, highly unlikely to be sent or connected to the net, so it's by far quite a bit safer than near any option available! You could almost ditch your firewall with the above settings and using NetBeui!



ZZZZZZZzzzzzzzzzzzzzzzzzzzzzz.....


----------



## hewee (Oct 26, 2001)

I have all my ZA setting as high as they will go but I have not done the setting change I posted above.

I have 98SE and use ZA Pro 4.5.538.001. Windows Scripting Host is disabled. 
http://www.sarc.com/avcenter/venc/data/win.script.hosting.html

I have a router too.


----------



## TheZeDD (Jul 2, 2002)

Thanx for the reply info Hewee!


----------



## hewee (Oct 26, 2001)

You're welcome, TheZeDD.


----------

