Windows and privileged ports <1024

Anonymous
2012-08-31T12:49:36+00:00

Does Windows have privileged ports <1024 similar to Linux? No one I talk to seems to think it does. However I can get a service to listen on port 22 but it refuses connections. The very same service can listen on port 2222 and will immediately accept connections. What is preventing the connection on port 22? I have disabled all firewalls, I tried disabling UAC, I ran the service as administrator. None of that allowed a connection to port 22. If there is a mechanism stopping socket creation on ports <1024 in Windows, what is the mechanism? If not, what could be preventing the connection on port 22?

Worth repeating because every time I ask this question the first answer is always "is your firewall on?"  My firewalls are all disabled and the connection is still being refused on port 22.

Edited to add more details: I'm actually running a honeypot, which is a Python program emulating an ssh server. It's not actually an ssh server. That's what's leading me to believe there is some mechanism controlling what binds to low ports.


Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.
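
Added example, not part of the original thread or of the honeypot's code: a Python probe that separates the steps the question runs together (bind, listen, local connect), so the step that fails on port 22 can be compared with port 2222. The name `probe_port` and its result labels are assumptions made for this example.

```python
import errno
import socket


def probe_port(port, host="127.0.0.1", timeout=2.0):
    """Report which step fails for a TCP listener on host:port.

    'bind_denied'    - the OS refused the bind with a permission error
    'in_use'         - another socket already owns the address
    'connect_failed' - bind and listen worked, but a local client could not connect
    'wrong_listener' - a client connected, but our socket never saw it
    'ok'             - our own listener accepted the test connection
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        # No SO_REUSEADDR on purpose: a conflicting owner should surface here.
        try:
            srv.bind((host, port))
        except PermissionError:
            return "bind_denied"
        except OSError as exc:
            if exc.errno == errno.EADDRINUSE:
                return "in_use"
            raise
        srv.listen(1)
        srv.settimeout(timeout)
        bound_port = srv.getsockname()[1]  # resolves port 0 to the real port
        cli = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        cli.settimeout(timeout)
        try:
            try:
                cli.connect((host, bound_port))
            except (ConnectionRefusedError, socket.timeout):
                return "connect_failed"
            try:
                conn, peer = srv.accept()
            except socket.timeout:
                return "wrong_listener"
            with conn:
                # The accepted peer must be our own client socket.
                return "ok" if peer == cli.getsockname() else "wrong_listener"
        finally:
            cli.close()
    finally:
        srv.close()


if __name__ == "__main__":
    for p in (22, 2222):  # the two ports compared in the question
        print(p, probe_port(p))
```

Run it from the same account and session that starts the honeypot, with the honeypot stopped, so the result reflects what that process is allowed to do.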


8 answers

  1. Anonymous
    2012-09-01T18:33:02+00:00

    OK, I'm getting somewhere. I found this: http://support.microsoft.com/kb/174904

    which says

    "The Well Known Ports [those from 0 through 1023] are assigned by the IANA and on most systems can only be used by system (or root) processes or by programs executed by privileged users"

    So that leads me to believe that Windows does have the same limitation on socket creation as Linux has. The article says it applies to XP/2003/NT, so I am assuming it applies to newer versions of Windows OS's as well. I'd like to verify that, though.

    10 people found this answer helpful.
  2. Anonymous
    2012-08-31T18:36:45+00:00

    Thanks for your response, Al Jarvi. Like I said, I disabled the firewall.  So unfortunately the links you gave do not help.

    The firewall is absolutely, positively NOT preventing the connection. I suspect that there is a mechanism built into Windows that prevents binding to ports <1024 unless some condition is met.  I don't know what the condition is and I don't know what the mechanism is. I want to know both.

    2 people found this answer helpful.
  3. Anonymous
    2012-09-01T18:49:32+00:00

    Can you run the Python script as admin to test, or is that not possible (or run CMD as admin to run the script)?

    1 person found this answer helpful.
  4. Anonymous
    2012-09-01T10:24:08+00:00

    Thanks Dustin. I'm actually running a honeypot, which is a python program emulating an ssh server. It's not actually an ssh server.  That's what's leading me to believe there is some mechanism that doesn't allow processes (not owned by administrator maybe?) to connect on low ports. 

    The honeypot will listen and connect on port 2222, so I know I have it configured correctly. When I change it to port 22, the connection is refused with the exact same configuration.

    This page indicates this particular python honeypot can only use TCP Port 2222...

    http://msdaisysramblings.blogspot.com/2012/08/honeypot-shaken-not-stirred.html

    You might check the documentation or support site for your particular software...

    With sufficient security running a real SSH server is not an issue IMHO. I used to run a copSSH server...

    http://theillustratednetwork.mvps.org/Ssh/SecureYourcopSSHServer-Vista.html

    1 person found this answer helpful.
  5. Anonymous
    2012-08-31T15:37:34+00:00

    Have you seen this?

    http://windows.microsoft.com/en-US/windows7/Open-a-port-in-Windows-Firewall

    An example...

    https://skydrive.live.com/?cid=25ab668da65c8fbe&id=25AB668DA65C8FBE%21118#cid=25AB668DA65C8FBE&id=25AB668DA65C8FBE%21206

    Configure for both Private and/or Public depending on where the computer is located, ie. on your home LAN or connected directly to the public internet.
