Port forwarding/open ports?

Discussion in 'Computer Security' started by AV, Jan 30, 2006.

  1. AV

    AV Guest

    To be able for another person to connect to my Netmeeting (conf.exe) in
    Windows XP and share applications I would need to open the ports 1720
    and 1503 in my router firewall.

    My wonder is how much more vulnerable I will be if I do that? It would
    be nice not to have to open and close those ports over and over again in
    my router firewall when I need it and instead having them open all the
    time so it will just be to start Netmeeting when I need to collaborate
    and share applications.

    - Is it just a risk (bigger or smaller?) when I have Netmeeting started
    since I suppose some good hacker would need an application that actually
    listens to those open ports to be able to do anything? If I normally
    don't have Netmeeting started I suppose the ports could just as well be
    open in my router all the time?

    - If it is a risk as described above, what if I create a rule in my
    software firewall that blocks those two ports on the computer in my LAN
    to which the ports are forwarded? It is quicker for me to put that rule
    on and off in my software firewall than to open and close the ports in
    the router.

    - These same questions above go for the one port one can choose to
    have open in the router to give the best possible chances for good sound
    quality for Skype IP calls. How risky or not is it to have a few ports
    open in your router firewall?
     
    AV, Jan 30, 2006
    #1

  2. AV

    Watson Ladd Guest

    Depends on what applications are listening. If no application is
    listening then the system will send back an error to the remote point.
    So a vulnerability would have to be in the IP stack before the firewall
    hook.
     
    Watson Ladd, Jan 30, 2006
    #2
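
Added example (not part of any poster's message): a small Python check to run on the PC the ports are forwarded to. It shows the distinction made in post #2: a port with no listener answers with a refusal, while only a port with a running application accepts connections. The names `probe` and `audit` are hypothetical; 1720 and 1503 are the ports from the thread.

```python
import socket

# Ports the original poster forwards for NetMeeting (taken from the thread).
FORWARDED_PORTS = (1720, 1503)


def probe(host, port, timeout=1.0):
    """Classify one TCP port as 'listening', 'closed' or 'filtered'."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "listening"   # an application accepted the connection
    except ConnectionRefusedError:
        return "closed"      # the OS answered with an error: nothing listens
    except OSError:
        return "filtered"    # timeout or unreachable: something dropped it
    finally:
        s.close()


def audit(host, ports=FORWARDED_PORTS):
    """Return ({port: state}, [ports that currently have a listener])."""
    states = {p: probe(host, p) for p in ports}
    exposed = [p for p, state in states.items() if state == "listening"]
    return states, exposed


if __name__ == "__main__":
    # Probe this machine itself; use its LAN address to include the
    # software firewall's view of connections arriving over the network.
    states, exposed = audit("127.0.0.1")
    for port, state in sorted(states.items()):
        print(f"tcp/{port}: {state}")
    if exposed:
        print("Reachable through the port forward right now:", exposed)
    else:
        print("No listener on the forwarded ports.")
```

Run it once with the application closed and once with it open; a forwarded port only matters from the outside while it shows as listening.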

  3. AV

    Guest

    AV wrote:
    > To be able for another person to connect to my Netmeeting (conf.exe) in
    > Windows XP and share applications I would need to open the ports 1720
    > and 1503 in my router firewall.


    ok

    > My wonder is how much more vulnerable I will be if I do that? It would
    > be nice not to have to open and close those ports over and over again in
    > my router firewall when I need it and instead having them open all the
    > time so it will just be to start Netmeeting when I need to collaborate
    > and share applications.


    good idea. that is just as safe or unsafe as what you mentioned above.
    But it is more convenient. As long as you only have netmeeting running
    when you need it.

    you could improve it by setting your "home routers" firewall to only
    allow your friend's ip to connect. nobody else. but then if your
    friends ip changes, it's a nuisance. I think many broadband IPs tend to
    remain constant for ages, prob depends on the provider.

    > - Is it just a risk (bigger or smaller?) when I have Netmeeting started
    > since I suppose some good hacker would need an application that actually
    > listens to those open ports to be able to do anything?


    I think what you wrote there doesn't make sense

    >If I normally
    > don't have Netmeeting started I suppose the ports could just as well be
    > open in my router all the time?
    >


    correct, good idea.


    > - If it is a risk as described above, what if I create a rule in my
    > software firewall that blocks those two ports on the computer in my LAN
    > to which the ports are forwarded? It is quicker for me to put that rule
    > on and off in my software firewall than to open and close the ports in
    > the router.


    part of what you wrote there doesn't make sense. But you're hinting
    towards a good idea.
    Set your firewall to block everybody from connecting , except for your
    friend's IP.
    then even if you did have netmeeting open all the time, and ports
    forwarded by your router permanently, your firewall would (try to)
    protect your computer. Pretty safe. Safest thing is that + not having
    netmeeting running all the time.
    I think it's unnecessary to go to the lengths you showed some
    distaste for, the idea of setting port forwarding each time you want to
    use netmeeting. Better to just run netmeeting when you need it.


    > - These same questions above go for the one port one can choose to
    > have open in the router to give the best possible chances for good sound
    > quality for Skype IP calls. How risky or not is it to have a few ports
    > open in your router firewall?


    same. if the software isn't running then it's certainly ok.

    I guess that if your comp was exploited then malicious software could
    use those ports though. so perhaps not so safe to have loads of ports
    forwarded. At the same time it may not be so feasible time wise to keep
    forwarding the right ones each time you use the software. it's a
    compromise
     
    , Jan 31, 2006
    #3
  4. AV

    Winged Guest

    AV wrote:
    > To be able for another person to connect to my Netmeeting (conf.exe) in
    > Windows XP and share applications I would need to open the ports 1720
    > and 1503 in my router firewall.
    >
    > My wonder is how much more vulnerable I will be if I do that? It would
    > be nice not to have to open and close those ports over and over again in
    > my router firewall when I need it and instead having them open all the
    > time so it will just be to start Netmeeting when I need to collaborate
    > and share applications.
    >
    > - Is it just a risk (bigger or smaller?) when I have Netmeeting started
    > since I suppose some good hacker would need an application that actually
    > listens to those open ports to be able to do anything? If I normally
    > don't have Netmeeting started I suppose the ports could just as well be
    > open in my router all the time?
    >
    > - If it is a risk as described above, what if I create a rule in my
    > software firewall that blocks those two ports on the computer in my LAN
    > to which the ports are forwarded? It is quicker for me to put that rule
    > on and off in my software firewall than to open and close the ports in
    > the router.
    >
    > - These same questions above go for the one port one can choose to
    > have open in the router to give the best possible chances for good sound
    > quality for Skype IP calls. How risky or not is it to have a few ports
    > open in your router firewall?
    >

    Some ports have to be open to operate.

    It's as risky as the software exposes the system to.

    I frequently use dynamically open ports by scripting the open and close
    in a batch file that calls the program in question.

    For example skype has the following vulnerabilities listed:


    View full vulnerability report for a specific product:
    - Skype for Linux 0.x
    - Skype for Linux 1.x
    - Skype for Mac OS X 0.x
    - Skype for Mac OS X 1.x
    - Skype for Pocket PC 1.x
    - Skype for Windows 1.x


    Found: 3 Secunia Security Advisories, displaying 1-3

    Title Date
    Skype Multiple Buffer Overflow Vulnerabilities 2005-10-25
    Skype "skype_profile.jpg" Insecure Temporary File Creation 2005-07-18
    Skype "callto:" URI Handler Buffer Overflow Vulnerability 2004-11-15



    Found: 5 Viruses, displaying 1-5

    W32/Mytob.gr@MM
    ....Suspended. We've got something we would like to share with you. Skype
    for Windows 1.4 - Have you got the new Skype? What is...
    Report from McAfee. On 19th Oct 2005.
    W32.Fanbot.A@mm
    ....ort@[RECIPIENT MAIL DOMAIN] Subject: One of the following: Share
    Skype. What is Skype? Skype for Windows 1.4 - Have you got...
    Report from Symantec. On 17th Oct 2005.
    Samony.A
    ....ionally, Samony.A spreads via email in a message that deals with
    Skype , which is a telephony over IP program. Visible Sympt...
    Report from Panda Antivirus. On 26th Oct 2005.
    W32.Looksky.A@mm
    ....e firewall settings. Distribution Subject of email : Skylook for
    Skype Name of attachment : skylook_1.exe Size of attachment...
    Report from Symantec. On 25th Oct 2005.
    W32.Mytob.ML@mm
    ....ed, it performs the following actions: Copies itself as
    %System%\skype32.exe. Note: %System% is a variable that refers to th...
    Report from Symantec. On 3rd Dec 2005.


    (from secunia http://secunia.com/search/?search=skype)

    All software opens the vulnerability window. Many factors including the
    software control the danger to the local system. It depends if the
    benefits outweigh the risk of use.

    Not sure I have helped much but understand everything you use to
    communicate on the web increases your risk of compromise. How a tool is
    used (user behaviour) can significantly increase that risk. Opening
    unknown executables, and communicating with unknown people always
    increases the risk.

    Winged
     
    Winged, Jan 31, 2006
    #4
  5. AV

    Vaxius Guest

    On Mon, 30 Jan 2006 19:51:46 +0000, AV wrote:

    > To be able for another person to connect to my Netmeeting (conf.exe) in
    > Windows XP and share applications I would need to open the ports 1720
    > and 1503 in my router firewall.
    >
    > My wonder is how much more vulnerable I will be if I do that? It would
    > be nice not to have to open and close those ports over and over again in
    > my router firewall when I need it and instead having them open all the
    > time so it will just be to start Netmeeting when I need to collaborate
    > and share applications.
    >
    > - Is it just a risk (bigger or smaller?) when I have Netmeeting started
    > since I suppose some good hacker would need an application that actually
    > listens to those open ports to be able to do anything? If I normally
    > don't have Netmeeting started I suppose the ports could just as well be
    > open in my router all the time?
    >
    > - If it is a risk as described above, what if I create a rule in my
    > software firewall that blocks those two ports on the computer in my LAN
    > to which the ports are forwarded? It is quicker for me to put that rule
    > on and off in my software firewall than to open and close the ports in
    > the router.
    >
    > - These same questions above go for the one port one can choose to
    > have open in the router to give the best possible chances for good sound
    > quality for Skype IP calls. How risky or not is it to have a few ports
    > open in your router firewall?


    In your router, you should find something called "port triggering." When
    a program on your computer (like Netmeeting or Skype) creates a
    connection, the router can be "triggered" to open that port, and it will
    then close when no longer in use. The ports are then only open while
    you're using these applications.
     
    Vaxius, Feb 2, 2006
    #5
