Port Forwarding - What Does One Need Guard Against?

[luumak]

When you open a port, what actually occurs and how does this make your computer vulnerable? I was running utorrent and another utilitiy that showed the port was scanned every so often. What was actually occuring when the computer is scanned? I was seeiing some oddities like lawyers offices, multimedia companies, chinese schools/companies...

at portforward.com it states which port to open for which prog. Is this a vulnerability? What programs do people use to do port scanning of others computers and once found what sort of mischief can be done to my computer? What sort of attacks can be made on a computer with open port (keylogger, hijack, file placement, file scan for financials?? I would close the port after my downloads as well and reboot th emachine i was downloading from.

The computer was protected with a firewall at the router (but w/ open port) and firewall on the machine. Also, what if another computer is connected to the router (w/ firewall). Is this computer also vulnerable?

Thank you ~

[Trevor]

Was your 'other utility' Peer Guardian? That is supposed to block intrusions from organisations searching for peer-to-peer transfers like UTorrent.

When using public access wifi, such as in a hotel, you can't forward your ports because the hotel won't disclose their router specifications and passwords, so transfers will be slower.

[dsys]

When you open a port, what actually occurs and how does this make your computer vulnerable? I was running utorrent and another utilitiy that showed the port was scanned every so often. What was actually occuring when the computer is scanned? I was seeiing some oddities like lawyers offices, multimedia companies, chinese schools/companies...

at portforward.com it states which port to open for which prog. Is this a vulnerability? What programs do people use to do port scanning of others computers and once found what sort of mischief can be done to my computer? What sort of attacks can be made on a computer with open port (keylogger, hijack, file placement, file scan for financials?? I would close the port after my downloads as well and reboot th emachine i was downloading from.

The computer was protected with a firewall at the router (but w/ open port) and firewall on the machine. Also, what if another computer is connected to the router (w/ firewall). Is this computer also vulnerable?

Thank you ~

Ports are an addressing mechanism between Layer 4 and layer 7 of the OSI model. They allow communication between a method of transport and an application. What does that mean - your web browser (application) needs to communicate with your internet connection (transport), it does this by using the TCP (Transmission Control Protocol) stack on the same port for a particual type of communication.

OK you ask what actually happens, I'll assume by openeing a port you are talking about forwarding on your routers firewall. What actually happens (most of the time) is that any communication on the port you have specified is always directed to one specific computer (on consumer based routers).

So what? Well there is no inherent danger in doing this. (go on guys flame me) HOWEVER lets say that your browser has a bug in it, lets say that that bug allows another computer to execute code (a virus keylogger etc) on your computer without your knowledge THEN we have a problem.

The fact that you opened the port does not make your computer vulnerable the application or operating system that you are running to read the data comming in makes it vulnerble. So you have to ask yourself - do I trust the quality of the application I am running? Is my operating system up to date with patches etc?

You were running utorrent - i am guessing this is a p2p application. This will be designed to look for connections and accept connections from other computers running utorrent. Thats probably why you say so many different computers trying to connect to you computer. Is this safe - well do you trust utorrents programming - do you consider it a well written application? when was the last secutiy update for it? If it was free you can bet that there is not much notification of secutiry flaws.

What applications are used to scan computers? Well the list is endless but a few good ones are - ping, tracert, pingpack fron ipswitch, netscanner(original version) ethereal. These are all network diagnostic tools but there are also others that have a more sinister application.

In gerneral a firewall will not protect you from these kinds of attacks, your virus software may if the attack has been seen before but if its new your proabaly going to be a zombie for a while.

Is the other computer vulnerable - not directly but it proabaly is indirectly as soon as one pc gets infected its generally easyier to infect another computer on the same network. Ever get a virus on your PC at work? Call tech support - first thing they tell you to do is unplug it from the LAN.