Opera is listening 2 udp port constantly

nimnull22 · December 14, 2009, 7:48pm

Hi.

I would like to take some of your attention.

Opera Version 10.10 Build 4742 is constantly listening 2 udp ports.
One for upnp 1900 - I do not really care.
But second - is random, and opera is listening WAN IP of my computer, not localhost, not 0.0.0.0, WAN, which is connected to router - and who knows, may be it sends something, and if it send UDP out, they can go back.
I do not like it.

Could you all who use Opera check this, please

Thanks

Chrysantine · December 14, 2009, 8:00pm

My guess is that it’s the unity web server that doesn’t seem to disable itself even if you tell it to, seems like a bug.

nimnull22 · December 14, 2009, 8:10pm

I do not care what unity is this, but if opera sends something out of your computer, any NATs and router allow incoming traffic from that IP. And it is UDP.
And more important - it is random port, difficult to sniff from the time when opera starts up.

If this is not a bug - thit is “backdoor”

ab · December 14, 2009, 8:24pm

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Unless you have “turned off” (opened up) your system’s firewall which is
enabled by default this should not really affect your performance or be
much of a backdoor. Setting your firewall not block things, though, does
not make sense in most cases (certainly not on a workstation) so
regardless of the intent of these ports they should not have much impact
on your box, especially considering what you mentioned about the
randomness and UDP nature of the ports. The 1900 port open on mine seems
fairly static but it also appears to be in the multicast range of IPs.

Have you disabled the Unity feature Chrysantine mentioned?

Good luck.

nimnull22 wrote:
> I do not care what unity is this, but if opera sends something out of
> your computer, any NATs and router allow incoming traffic from that IP.
> And it is UDP.
> And more important - it is random port, difficult to sniff from the
> time when opera starts up.
>
>
> If this is not a bug - thit is “backdoor”
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJLJpEGAAoJEF+XTK08PnB5LK0QAJJy4Z2XPRCY3LLj47rF5TUx
B11e/S16YwZVskE1fjyKg+nUAO6GCjZxfYEBT058GfIo7uuVbxLXgcldpgOv8Hwt
xE4JUoDQ1z9GIAjKAucW7iM7iZ0XuOP3dfED4QNf/wdrFQtV/03mRitN+6j8n2gY
6L5exDX+ryST9eE6vddmIWBByrYxPE+jmSrUkKUtvyBmOKnoxdM/xOWOaKyGikvU
Vh3FDVlHmMczdUZtsZm1Rr30xZHviNm/kQY4CZqqavaS5maniLw9d7RiEpObr3Ic
pjc42Lk4HbQQZqEf5g3k5jX/y9WiX33xf6hSQvR5kZzWW+OTw5ZCk/JoXWd4/kxI
TH5jfA/5xyAlv1/MQZ1m0jFZ1rFESfJUV5YJXSNgAA3e+YBcO0fnAgwqdA74PMWp
IXY1mrtfAifP2oZ5ipj/eilL44TmMXWXBelfri1Y4yA1lLA/UAaT5/JWFrz7ElT2
R8TfRRJ8OIJQCjlp2z9i2BsqdinZlgGNw8MRaPBhmf2DTg5JPS3SYDM6CzqjUhE9
OPw8a5lpJ9aHYVfbfmsEnWRBuJJ9KUUHQC+4Biwu4rt5SLuIBQz5oU5RQsb+VmBp
u6p0saC6lD27JpoNW6YKTZwwyl1LC6Oidgp3uveovHSDtXkndhukKVHeb3xR+svN
V+TVN/4Lp428AYSdn0TY
=Ndgc
-----END PGP SIGNATURE-----

Chrysantine · December 14, 2009, 8:34pm

I tcpdumped all the traffic from Opera and it does absolutely nothing - it doesn’t send anything out apart from query to figure out what the hostname of the client resolves to.

I’m pretty sure you can loosen the tinfoil hat a bit.

nimnull22 · December 14, 2009, 10:50pm

You do not understand the the trick. If Opera starts connection your firewall won’t help you.
Firewall can’t help when connection starts from inside.
Or you are on wireless, one big local network. And Opera is already listening.
I disable everything I can - still 2 ports open.

I have a question, how one can prevent port issue, for example I do not want Opera listen any port at all. How can I prevent it?

ken_yap · December 14, 2009, 11:13pm

If you have a normal home router/firewall like most other people, the open port cannot be connected to from outside unless you have created port forwarding rules or enabled upnp.

If you are worried about apps phoning home, too late, you already use a non-open source app, and there’s no knowing what it will send out. And unlike open ports, you can’t easily stop this because most home firewalls are set to NAT everything sent out.

Maybe you should do one or more of the following 1. turn off the web server feature, 2. worry less, 3. don’t use opera.

ab · December 15, 2009, 12:17am

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

You do not understand the non-trick. You are showing us a LISTENING port.
Where your application listens is completely irrelevant since nothing
(unless your firewall is, as mentioned previously, poorly configured) can
reach it. You cannot make an outbound connection from your machine to
something else on one port and have it come back into your system on
another port. A firewall or NAT device will not allow that unless it is
doing some kind of deep packet inspection and you do not have that.

On to the bigger issue that ken yap already brought up, no malicious coder
is going to write their application to open ports as blatantly as that as
there is no reason. If Opera is going to connect out to the world and say
“I’m here at IP address w.x.y.z” is it not also going to require a
DIFFERENT port to be connected to at IP address w.x.y.z because when it
connects out to the world there is an open socket for as much data
transmission as possible without any NAT/firewall tweaking.

Finally, a quick Google for ‘opera udp port listen’ (without quotes) came
up with this thread which seems to explain everything nicely, sans hysteria:

http://www.dslreports.com/forum/r23406383-Opera-1010-keeps-opening-ICF-ports-security-issue

Good luck.

nimnull22 wrote:
> You do not understand the the trick. If Opera starts connection your
> firewall won’t help you.
> Firewall can’t help when connection starts from inside.
> Or you are on wireless, one big local network. And Opera is already
> listening.
>
>
> I have a question, how one can prevent port issue, for example I do not
> want Opera listen any port at all. How can I prevent it?
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJLJsd1AAoJEF+XTK08PnB5LywQAIGsZE1U//daTw4XW894yFBJ
bKhYxmTjmIsXHnW6VsSIozJEYtdBtOXO22EZNByRlQP1yC1SCkch41XQUzueM3Tv
YfjZ9PqLOSFlNk771TLVfVdQmf6sI9zmMntV/nQt+0wgovzy2X3dTXsVP4gy6bNH
yMEdkWz977lU/ZsHaIVisV0z6bpmbjRHXl8Z0+cYFozKmZMZJjHr8VMbcVqZ4jbq
BQutD1Y5Be029sLjXdbgd+RD9CtkQcc9rsntxrG/2QYnGNWVvaiJWvhLts8iJOT0
qUOViIY4ms/+XnWqzDIS9vvLjLFK5Ky9L6nDYZS9KmeDgq2KNMZdNZjP98hGkG6i
IdidGjtjLswfFmYN8+uS/iHg/SsR1hDV5wVWf4nRasikHfzXipueu1yr78yUZk6v
MgPaeWDL9Vc1jS0h9NIfO4Kk47+9VW6jb2aVBS/m2JRprXn2e2LYyAgAlXuf9UgN
0ZypgShJqj0WlnZNWqHD/BdJojgOGia2NCFTsaJm4U/Ugg2dm4PMN6Paph08Wy5X
ZeGuAcxLZXa5+iROJv7Fiea90DsHBN9rlOQGqNRaBJhRpK3PNiluL83HdKfy2OoC
sZZU+9nbPTcO7+L+OUoOaUI4kpRkp3b7tzLHzDEZtGUhsRztFJCMa+7GNFruoBUn
T11kMAxihToXlQi3YBLt
=9pPl
-----END PGP SIGNATURE-----

nimnull22 · December 15, 2009, 1:23am

Thanks very much for the help.
I also found what to disable.
But I’ve lost my trust to Opera and going to play a little bit with iptables -A OUTPUT -m owner --cmd-owner opera…

I do not like this new features.

Thanks again.

ijbreakey · December 15, 2009, 4:02am

This is probably one of those times when you would want to know what the application your using does before you use it.

Opera Unite

I use the file server part of Opera, as well as the Media Player, so for someone like me, this is acceptable. You need to enter passwords even to create a connection with the computer to download files from, and you can specify which folders to share, etc, etc. The link above will help you understand what the feature is, but as you said you’ve disabled the services, so it’s not a problem anymore.

But as I said before, you might want to know what the application you’re using does before using it. I believe the Opera Unite part of the browser was advertised when you started Opera for the first time (one of the original two tabs that initially open).

Take Care,

Ian