X
Tap here to go to the mobile version of the site.
Your Firefox is out of date and may contain a security risk! Upgrade Firefox

Support Forum

Slow Launch

Posted

I have the TCP Pirate Ports, including the 49###'s, blocked in my firewall. This causes a VERY slow FF launch, but does not seem to have any affect on the actual operation. Is there any way to opt out of these unnecessary TCP requests?

Chosen solution

I'm not sure of the "TCP Pirate Ports". I think a default installation of Firefox wouldn't be using ports in that range.

Read this answer in context 0

Additional System Details

Installed Plug-ins

  • The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site.
  • Shockwave Flash 10.3 r183
  • NPRuntime Script Plug-in Library for Java(TM) Deploy
  • Next Generation Java Plug-in 1.6.0_29 for Mozilla browsers
  • iTunes Detector Plug-in
  • Adobe PDF Plug-In For Firefox and Netscape 10.1.0
  • Octoshape embedded video plugin
  • NVIDIA 3D Vision Streaming plugin for Mozilla browsers
  • NVIDIA 3D Vision plugin for Mozilla browsers
  • Adobe Shockwave for Director Netscape plug-in, version 11.5

Application

  • User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1

More Information

I (think I) have opted out of Firefox, Add-ons, and Extension automatic updates, but not that for the Search Engines.
The browser and OS "guesses" seem correct.

Vivek 310 solutions 2084 answers

Hi,

Please check if this happens in Safe Mode.

Question owner

Thanks for your reply, but this made no difference.

The ports addressed come in pairs, usually in the 49###'s, indicating two way traffic. Automatic updating is turned off and this happens before any service is requested, so this use of unassigned ports does not look good. It would be better to put this kind of traffic on a secure footing, i.e. 443. Such would also facilitate use of the usual ranges for a secure port blocking setup.

Vivek 310 solutions 2084 answers

Chosen Solution

I'm not sure of the "TCP Pirate Ports". I think a default installation of Firefox wouldn't be using ports in that range.

Question owner

The way to find out is to block them in your firewall and watch the result. I was a bit surprised at the unregistered port usage too. This is most commonly used for P2P music\movie swapping, not in respectable applications.

Modified by dmelliott

Vivek 310 solutions 2084 answers

I think a default installation of Firefox downloaded from Mozilla wouldn't be using the ports in that range.

Question owner

As previously stated, this is not an "I think" item. It is verifiable either by simply looking in your firewall traffic log or by blocking the unlisted ports in your firewall (often under 'advanced rules'), and watching what happens.

My copy, and all copies I have ever had, have come from the source.

Also, both my virus scanners are perfectly happy with my system (Malwarebytes can be run in passive mode with other antimalware applications).

Please do one of the above.

Modified by dmelliott

Vivek 310 solutions 2084 answers

Okay, I can confirm that Firefox without a proxy isn't using ports above 500o and that too are loopback connections in the unregistered ports range.

Question owner

I don't understand your reply. There was no mention of ports over 5000 or use of proxy.

"and that too are" is a bit confusing. I don't understand the intent.

The problem remains: why are ports that would be blocked in a secure setup being used? Why is there a loopback at all?

Security considerations have all but eliminated the use of looping back since it invokes the host file. This is where permanent redirects are stored and as such it is a maleware playground.

Disregarding the security issues, why is it there in the first place? Why would a programmer ever want to use it? Everyone else gets along fine without it.

I should say that my system is W7-64 Ultimate.

Vivek 310 solutions 2084 answers

There was a detailed explanation regarding the connections, but I think I lost the exact bookmarks. You can try here. Please also see this.

Question owner

The first link goes to the MDN front page which is not much help. The second simply goes to a statement of the fact that unassigned ports are used to access the host file along with several statements of why this is not a good idea, as was stated in the first place.

Since the use of ports with no assigned protocols is insecure, since, as Wikipedia describes it, "the hosts file represents an attack vector for malicious software", and since there is no need for it (as a comment in the second link point out, no other browser does this), there seems to be a problem here.

This conversation has now gone full circle rather than resolving an issue. Thus, I am terminating my participation.

Modified by dmelliott