An open port is only a vulnerability in as far as the listening program bound to that port has an exploitable vulnerability that is publically known. If you use a well-maintained client like uTorrent and keep it updated, the chances of getting 0wned are practically zero.
Norton now considers Megaupload unsafe
- Thread starter Senior Idol
- Start date
-
Akiba-Online is sponsored by FileJoker.
FileJoker is a required filehost for all new posts and content replies in the Direct Downloads subforums.
Failure to include FileJoker links for Direct Download posts will result in deletion of your posts or worse.
For more information see this thread.
Opening a port is inviting intrusion and is a security vulnerability that has nothing to do with what program is using the port via port forwarding. This is not my opinion it is a fact. Perhaps some footnotes might be of help, I don't have any handy but maybe I can come up with some.
http://www.ehow.com/way_5401322_opening-ports-netgear.html
when looking for knowledge go see the master wiki:
http://en.wikipedia.org/wiki/Firewall_pinhole
Some nice quotes:
http://msdn.microsoft.com/en-us/library/aa302417.aspx
(this is just a link I came across but I enjoyed reading it and it seemed somewhat applicable)
Some interesting facts can also be obtained from reading the FAQ page at Peerblock.
http://www.peerblock.com/docs/faq
Searching for information to qualify my argument isn't what I came here to do but it was worth my time even if I help only one person. There is plenty of more information out there. Hackers don't always want to do something malicious to your computer. Sometimes they just want to snoop around copy files or gather information. Anti-P2P organizations, which there are a lot, just want to know who exactly is downloading what. We actually have a thread on someone getting an email from his ISP about illegal downloading here at Akiba Online, (http://www.akiba-online.com/forum/showthread.php?t=119217). In summary an open port is a vulnerability in and of itself, software vulnerabilities are another matter entirely and from my experience are a constant source and reason for software updates,(updates plug leaks but don't prevent new ones).
Last footnote:
http://en.wikipedia.org/wiki/Port_scanner
You are very confused. What I'm trying to explain to you is explicitly and implicitly mentioned in the links you provided. If you take Networking 101 at school, they will teach you about abstraction layers. Here's a simple write up on the TCP/IP transport layer: http://learn-networking.com/featured/how-the-transport-layer-works
A port is open when something in the application layer 'binds' to it. If there is nothing bound to that port, it is not open, by definition. It is the application or service, receiving and handling network data, that may or may not suffer from vulnerabilities.
Imagine a small C program that opens and listens on 30,000 ports, doing nothing with the incoming network traffic. This would be just as secure as a computer with 0 open ports, barring any security issues in the OS networking stack itself.
A port is open when something in the application layer 'binds' to it. If there is nothing bound to that port, it is not open, by definition. It is the application or service, receiving and handling network data, that may or may not suffer from vulnerabilities.
Imagine a small C program that opens and listens on 30,000 ports, doing nothing with the incoming network traffic. This would be just as secure as a computer with 0 open ports, barring any security issues in the OS networking stack itself.
That is what I mean by your computer expertise, you definitely have some. Somehow we still find a way to disagree. Must be my lack of education or some personal defect of my own. Reading your response it would seem that I inferred that port forwarding is a security risk when a bittorrent client such as utorrent is not active. If you are using a router only, I believe this to be accurate. Your router will forward all requests for the port specified whether or not you have the program active because the router has no idea if the program is active or not, that isn't how a router works. However a simple Ingress firewall does know if a program is active or not and should block all such requests but guess what? the firewall capability of the router has already been compromised and someone is now at your firewall. As soon as you open the utorrent application the firewall will stop blocking most of these TCP/UDP requests that the router was configured to forward as it assumes they are for your application,(in this case utorrent).
Try this:
Install Peerblock, (don't worry you can uninstall it at your leisure), besides the default list add the lists level1, edu, and Primary Threats.(http://iblocklist.com/lists.php), there are other good lists but this should be enough for this experiment. First make sure your utorrent or other P2P programs are off, then start the Peerblock application. I prefer to uncheck the "show allowed connections" in the settings area because I am more concerned with who I am blocking but that is up to you. If your firewall is working correctly you shouldn't see anything being blocked. If this is so open utorrent and see if this changes. Do you have enable DHT checked in utorrent? if not try checking that just for giggles. I suspect you will end up seeing IPs blocked by Peerblock, IPs that are not being blocked by your router or your firewall and that are not sharing files with you via utorrent. If you can view the IPs blocked by your firewall you can confirm this by turning Peerblock off and see if it is blocking the same IPs or these blocked IPs show up in utorrent as peers. This sure shouts vulnerability to me but I don't see how it is utorrent that is to blame as this is an inherent vulnerability in most P2P filesharing programs and not a unique one.
As far as the port being open or not because an application is not active? As far as the router is concerned I don't agree. Other than that? well some people have been known to use port scanners on their own computer to see just what ports are open to intrusion. These are known as port leak tests and they revolutionized firewalls as we know them today. There are other leak test sites,(just google for them), but pioneer Steve Gibson deserves some credit here so I will share his link.
http://www.grc.com/lt/leaktest.htm
I enjoyed the link you shared Rollyco although nothing I read led me to conclude I am wrong here. I also enjoy a fruitful discussion as it is always a good way that we can learn from each other.
Try this:
Install Peerblock, (don't worry you can uninstall it at your leisure), besides the default list add the lists level1, edu, and Primary Threats.(http://iblocklist.com/lists.php), there are other good lists but this should be enough for this experiment. First make sure your utorrent or other P2P programs are off, then start the Peerblock application. I prefer to uncheck the "show allowed connections" in the settings area because I am more concerned with who I am blocking but that is up to you. If your firewall is working correctly you shouldn't see anything being blocked. If this is so open utorrent and see if this changes. Do you have enable DHT checked in utorrent? if not try checking that just for giggles. I suspect you will end up seeing IPs blocked by Peerblock, IPs that are not being blocked by your router or your firewall and that are not sharing files with you via utorrent. If you can view the IPs blocked by your firewall you can confirm this by turning Peerblock off and see if it is blocking the same IPs or these blocked IPs show up in utorrent as peers. This sure shouts vulnerability to me but I don't see how it is utorrent that is to blame as this is an inherent vulnerability in most P2P filesharing programs and not a unique one.
As far as the port being open or not because an application is not active? As far as the router is concerned I don't agree. Other than that? well some people have been known to use port scanners on their own computer to see just what ports are open to intrusion. These are known as port leak tests and they revolutionized firewalls as we know them today. There are other leak test sites,(just google for them), but pioneer Steve Gibson deserves some credit here so I will share his link.
http://www.grc.com/lt/leaktest.htm
I enjoyed the link you shared Rollyco although nothing I read led me to conclude I am wrong here. I also enjoy a fruitful discussion as it is always a good way that we can learn from each other.
That's impossible. If uTorrent is closed, the listening port is closed, and the router will drop any incoming packets because there is no destination. Run netstat and see for yourself how listening ports appear and disappear when applications are started and stopped.
Yes, it does. Modern routers and firewalls are "stateful". They do keep track of connections, and do not drop all packets, only those that are not part of a user-initiated session. See http://en.wikipedia.org/wiki/Stateful_Packet_Inspection
A stateful firewall or router needs more than just an open port to start forwarding packets. Packets also need to be part of an existing session, else they are discarded. This is the reason why typical malware bots, port scans, and other random unsolicited traffic are completely foiled by a router or simple Windows XP firewall.
I think you are confusing firewalls and routers. Windows XP firewalls are inefficient and there are very few firewalls available that offer such limited protection. Maybe you should take the Firewall leak test using the link I provided. You assuredly didn't try the Peerblock test. I still suggest trying Peerblock as it also blocks outgoing connections, something the Windows XP Firewall won't even do. As far as routers go they all work a little differently, what router do you use? Nice wiki links but you are wrong as far as I'm aware, a router sends packets to an address not a program. Is your router integrated into you personal computer? never heard of that, it kind of defeats the purpose of a router doesn't it? A router is designed to connect a network to the internet and firewall capabilities are for the most part incidental, although admittedly effective. It is not meant to replace a software firewall,(but does compliment a good one).
I might try the Netstat program, I will look into that, thanks.
I might try the Netstat program, I will look into that, thanks.
A router with stateful packet inspection (i.e. most consumer models on the market) that's not in DMZ mode and a stateful ingress firewall like the one in Windows XP perform exactly the same function: blocking unsolicited incoming packets. You can't call the XP firewall inefficient because it does exactly that, and it does it well.
Why? That test doesn't examine ingress, only egress. And I don't use an egress firewall at the moment.
Also don't need it. In my opinion, IP lists of that nature serve a (dubious) purpose only for those people who feel they are likely targets of copyright infringement notices. They don't do a bit of good against botnets and malicious IPs. There are too many and change too frequently.
To an address and a port. Which is the same thing as saying "to an application on a computer."
Yep. You should read them sometime. :tea:
Yeah I read the links. I only thanked you for them because I was trying to be polite. You should try that sometime.
If you are so convinced of yourself I guess there is no use continuing this on my part. Not surprised this discussion was fruitless but I am disappointed. Like a firewall is expected to do you block any unwanted information and only allow that which you are interested in. Of course nothing works like we expect it to so I had hopes you might be willing to exchange information and not just give it. An Ingress only firewall is a piece of shit because information goes in two directions, especially when using P2P, but in all other cases as well. So only being concerned what is coming in and not going out of your computer sounds ignorant to me. So I tried to change your mind, unsuccessfully.
You have a right to your opinion of course and I hope you enjoyed it but I was not impressed. Be well and enjoy the day and those to come ahead of you.
Ceewan
If you are so convinced of yourself I guess there is no use continuing this on my part. Not surprised this discussion was fruitless but I am disappointed. Like a firewall is expected to do you block any unwanted information and only allow that which you are interested in. Of course nothing works like we expect it to so I had hopes you might be willing to exchange information and not just give it. An Ingress only firewall is a piece of shit because information goes in two directions, especially when using P2P, but in all other cases as well. So only being concerned what is coming in and not going out of your computer sounds ignorant to me. So I tried to change your mind, unsuccessfully.
You have a right to your opinion of course and I hope you enjoyed it but I was not impressed. Be well and enjoy the day and those to come ahead of you.
Ceewan
Ceewan,
please don't take it personally, but Rollyco is correct. I wanted to explain further but I realized I would just be echoing his words. Quite recently I behaved like an asshole on this forum and now at the risk of sounding pretentious, I would like you to take the following advice as friendly because that's what it is.
If you're really interested in computer networks, I suggest that instead of reading dozens of wiki and other pages across the web (which you should always take with a grain of salt), you take a book like amply titled Computer Networks, 4th Edition (long but easy to read, and with clearly defined and rounded chapters) by Andrew S. Tanenbaum that will explain some fundamental concepts behind not only Internet but networks in general.
I know it may sound condescending but then you'll understand why while you talk about IP addresses and ports, Rollyco is talking about computers and applications; what he means by user-initiated session and by packets who need to be part of an existing session; and what are abstraction layers. You can probably find about all of this on wikipedia, but it's no match to a good book.
please don't take it personally, but Rollyco is correct. I wanted to explain further but I realized I would just be echoing his words. Quite recently I behaved like an asshole on this forum and now at the risk of sounding pretentious, I would like you to take the following advice as friendly because that's what it is.
If you're really interested in computer networks, I suggest that instead of reading dozens of wiki and other pages across the web (which you should always take with a grain of salt), you take a book like amply titled Computer Networks, 4th Edition (long but easy to read, and with clearly defined and rounded chapters) by Andrew S. Tanenbaum that will explain some fundamental concepts behind not only Internet but networks in general.
I know it may sound condescending but then you'll understand why while you talk about IP addresses and ports, Rollyco is talking about computers and applications; what he means by user-initiated session and by packets who need to be part of an existing session; and what are abstraction layers. You can probably find about all of this on wikipedia, but it's no match to a good book.