Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > Software - Troubleshooting and Discussion > Applications > Little Snitch ?? 8000 n 8081??

Little Snitch ?? 8000 n 8081??
Thread Tools
vsmsamples
Fresh-Faced Recruit
Join Date: Sep 2006
Status: Offline
Reply With Quote
Sep 24, 2006, 03:10 AM
 
Hello

I just installed Little Snitch and I was alerted to firefox trying to contanct a remote site hidden under seriall.com under port 8000 and 8081, this also happens at crackz.ws. (Windows users DO NOT go here as you will be infected upon site load!!) I assume these are http but what exactly are these ports for. I also notice this on every other exploit infested sites out there. This is strange because Little Snitch never alerts be about firefox trying to connect on port 8000 or 8081 on any websites except these two described above.

What is the function of 8000 and 8081?

Is this some convenient port that allows attacks to exploit more efficently then port 80? im so confused
     
P
Moderator
Join Date: Apr 2000
Location: Gothenburg, Sweden
Status: Offline
Reply With Quote
Sep 24, 2006, 05:28 AM
 
Portnumbers over 1024 are not restricted in UNIX. This means that anyone can start a server that listens on these ports - 1023 and below are reserved for root, the administrator of the computer, on all UNIX systems. As a result, such numbers can be used by any service.

The IANA reference lists "iRDMI" for port 8000 and "Sun Proxy administrator" for 8081, but I don't think that's what's happening. I think they are simply alternate http ports - that the HTTP service is running on that port because port 80 (the regular port) is used for something else - probably another http daemon.

You can have Firefox, or any other browser, connect to a server on a different port by typing http://server.name:1234, where 1234 is the port number. I think this is what "cracks.ws" is doing - it's loading an image or a script or something from a server using a URL like that, with an explicit port assignment.
(Last edited by P; Sep 25, 2006 at 08:26 AM. )
     
ghporter
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Status: Offline
Reply With Quote
Sep 24, 2006, 06:51 AM
 
A lot of "proxy/firewall avoiding" sites use port 8000, 8080, and others in that range to avoid being blocked or monitored. It's an old trick and it works when you need it-and the net admin is still thinking in the stone age. As you explain that these sites are bad for Windows users, I'm going to assume that they are using these ports specifically because some Windows users think they're getting something special out of this dodge. And from the URL (crackz.ws) it looks like it's good bait for the "something for nothing" crowd. Kinda sad...
Glenn -----
OTR/L, MOT, Tx
     
   
Thread Tools
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Top
Privacy Policy
All times are GMT -5. The time now is 05:46 PM.
All contents of these forums © 1995-2011 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.7 © 2000-2011, Jelsoft Enterprises Ltd., Content Relevant URLs by vBSEO 3.3.2