Dropbox is cloud-based file storage service. It is free to sign up, and provides web-based, desktop and mobile file sync applications. This article shows the ports used by Dropbox, and explains how to block or allow these ports on your computer network.
Ports used by Dropbox
Dropbox primarily uses ports TCP 80 and TCP 443.
It also uses TCP Port 7600 and TCP 17603 for the web-based “Open” button, and TCP Port 17500 for the LAN Sync feature. LAN Sync is different from the regular sync feature – it performs sync operations between computers on the same LAN and shouldn’t connect to the outside internet.
Dropbox does not require any public-facing open ports to operate. It initiates the outbound connections to the Dropbox server, and uses this for all communications.
How to Block Dropbox On Your Network
If you want to block Dropbox on your network, there are a few measures you can put in place:
- Create local firewall rules using Windows Firewall to block Dropbox.exe and DropboxUpdate.exe
- Block the resolution of DNS records on the dropbox.com, dropboxapi.com, and dropboxusercontent.com domains. If you run your own DNS server (such as an Active Directory server) then this is easy:
- Open your DNS Management Console
- Create a top-level record for ‘dropbox.com‘ and the other domains mentioned above.
- Do nothing else. By pointing this record nowhere you will stop connections to this domain and all of it’s subdomains
- Ensure the only DNS connections allowed on your network are to your own internal DNS servers (which contain the above dummy-record). This removes the possibility of the TeamViewer client checking DNS records against their own servers, instead of yours.To do so, add a new outgoing firewall rule to disallow TCP & UDP port 53 from all source IP addresses, EXCEPT the addresses of your own DNS servers.
- Block access to the Dropbox IP Address Ranges. You can check the list of assigned addresses on the ARIN website, and add these ad DENY rules in your firewall.
- You can utilise Group Policy to deny Dropbox.exe from running. To do this, create a new Software Restriction Policy with a Hash Rule for Dropbox.exe.
- Finally, if you have a firewall with Deep Packet Exception, you can enable the in-built rules to block Dropbox. These firewalls often release new definition updates as the situation changes, so a lot of the hard work is handled for you.