Norton now considers Megaupload unsafe

Rollyco

Team Tomoe
Oct 4, 2007
3,556
34
An open port is only a vulnerability in as far as the listening program bound to that port has an exploitable vulnerability that is publically known. If you use a well-maintained client like uTorrent and keep it updated, the chances of getting 0wned are practically zero.
 

Ceewan

Famished
Jul 23, 2008
9,151
17,033
An open port is only a vulnerability in as far as the listening program bound to that port has an exploitable vulnerability that is publically known. If you use a well-maintained client like uTorrent and keep it updated, the chances of getting 0wned are practically zero.

Opening a port is inviting intrusion and is a security vulnerability that has nothing to do with what program is using the port via port forwarding. This is not my opinion it is a fact. Perhaps some footnotes might be of help, I don't have any handy but maybe I can come up with some.

Caution
Each open port provides a 'hole' through your firewall making your computer that much more vulnerable to Internet threats. It is necessary to open ports in order for certain games and applications to function properly, but don't open more ports than are required. If a program requires ports to be open, the instructions will give specific ports or port ranges. Don't open more than is necessary to run the software.

http://www.ehow.com/way_5401322_opening-ports-netgear.html

when looking for knowledge go see the master wiki:

Leaving open gaps in a firewall exposes the protected system to malicious abuse.

http://en.wikipedia.org/wiki/Firewall_pinhole

Some nice quotes:

Do firewalls have their place? Of course they do. Firewalls are great at blocking ports. Some firewall applications examine communications and can provide very advanced protection. Firewalls are an integral part of your security, but they are not a complete solution by themselves

Threats, Vulnerabilities, and Attacks Defined

A threat is any potential occurrence, malicious or otherwise, that could harm an asset. In other words, a threat is any bad thing that can happen to your assets.

A vulnerability is a weakness that makes a threat possible. This may be because of poor design, configuration mistakes, or inappropriate and insecure coding techniques. Weak input validation is an example of an application layer vulnerability, which can result in input attacks.

An attack is an action that exploits a vulnerability or enacts a threat. Examples of attacks include sending malicious input to an application or flooding a network in an attempt to deny service.

To summarize, a threat is a potential event that can adversely affect an asset, whereas a successful attack exploits vulnerabilities in your system.

http://msdn.microsoft.com/en-us/library/aa302417.aspx
(this is just a link I came across but I enjoyed reading it and it seemed somewhat applicable)

Some interesting facts can also be obtained from reading the FAQ page at Peerblock.

http://www.peerblock.com/docs/faq

Searching for information to qualify my argument isn't what I came here to do but it was worth my time even if I help only one person. There is plenty of more information out there. Hackers don't always want to do something malicious to your computer. Sometimes they just want to snoop around copy files or gather information. Anti-P2P organizations, which there are a lot, just want to know who exactly is downloading what. We actually have a thread on someone getting an email from his ISP about illegal downloading here at Akiba Online, (http://www.akiba-online.com/forum/showthread.php?t=119217). In summary an open port is a vulnerability in and of itself, software vulnerabilities are another matter entirely and from my experience are a constant source and reason for software updates,(updates plug leaks but don't prevent new ones).

Last footnote:
http://en.wikipedia.org/wiki/Port_scanner
 

Rollyco

Team Tomoe
Oct 4, 2007
3,556
34
You are very confused. What I'm trying to explain to you is explicitly and implicitly mentioned in the links you provided. If you take Networking 101 at school, they will teach you about abstraction layers. Here's a simple write up on the TCP/IP transport layer: http://learn-networking.com/featured/how-the-transport-layer-works

A port is simply an internal address that acts as a pathway to control data flow [...] each port [is] specific to a certain application.

the port number is used to tell the receiving computer what kind of application should handle it.

A port is open when something in the application layer 'binds' to it. If there is nothing bound to that port, it is not open, by definition. It is the application or service, receiving and handling network data, that may or may not suffer from vulnerabilities.

Imagine a small C program that opens and listens on 30,000 ports, doing nothing with the incoming network traffic. This would be just as secure as a computer with 0 open ports, barring any security issues in the OS networking stack itself.
 

Ceewan

Famished
Jul 23, 2008
9,151
17,033
That is what I mean by your computer expertise, you definitely have some. Somehow we still find a way to disagree. Must be my lack of education or some personal defect of my own. Reading your response it would seem that I inferred that port forwarding is a security risk when a bittorrent client such as utorrent is not active. If you are using a router only, I believe this to be accurate. Your router will forward all requests for the port specified whether or not you have the program active because the router has no idea if the program is active or not, that isn't how a router works. However a simple Ingress firewall does know if a program is active or not and should block all such requests but guess what? the firewall capability of the router has already been compromised and someone is now at your firewall. As soon as you open the utorrent application the firewall will stop blocking most of these TCP/UDP requests that the router was configured to forward as it assumes they are for your application,(in this case utorrent).

Try this:

Install Peerblock, (don't worry you can uninstall it at your leisure), besides the default list add the lists level1, edu, and Primary Threats.(http://iblocklist.com/lists.php), there are other good lists but this should be enough for this experiment. First make sure your utorrent or other P2P programs are off, then start the Peerblock application. I prefer to uncheck the "show allowed connections" in the settings area because I am more concerned with who I am blocking but that is up to you. If your firewall is working correctly you shouldn't see anything being blocked. If this is so open utorrent and see if this changes. Do you have enable DHT checked in utorrent? if not try checking that just for giggles. I suspect you will end up seeing IPs blocked by Peerblock, IPs that are not being blocked by your router or your firewall and that are not sharing files with you via utorrent. If you can view the IPs blocked by your firewall you can confirm this by turning Peerblock off and see if it is blocking the same IPs or these blocked IPs show up in utorrent as peers. This sure shouts vulnerability to me but I don't see how it is utorrent that is to blame as this is an inherent vulnerability in most P2P filesharing programs and not a unique one.

As far as the port being open or not because an application is not active? As far as the router is concerned I don't agree. Other than that? well some people have been known to use port scanners on their own computer to see just what ports are open to intrusion. These are known as port leak tests and they revolutionized firewalls as we know them today. There are other leak test sites,(just google for them), but pioneer Steve Gibson deserves some credit here so I will share his link.
http://www.grc.com/lt/leaktest.htm

I enjoyed the link you shared Rollyco although nothing I read led me to conclude I am wrong here. I also enjoy a fruitful discussion as it is always a good way that we can learn from each other.
 

Rollyco

Team Tomoe
Oct 4, 2007
3,556
34
port forwarding is a security risk when a bittorrent client such as utorrent is not active. If you are using a router only, I believe this to be accurate. Your router will forward all requests for the port specified whether or not you have the program active because the router has no idea if the program is active or not
That's impossible. If uTorrent is closed, the listening port is closed, and the router will drop any incoming packets because there is no destination. Run netstat and see for yourself how listening ports appear and disappear when applications are started and stopped.

a simple Ingress firewall does know if a program is active or not and should block all such requests
Yes, it does. Modern routers and firewalls are "stateful". They do keep track of connections, and do not drop all packets, only those that are not part of a user-initiated session. See http://en.wikipedia.org/wiki/Stateful_Packet_Inspection

As soon as you open the utorrent application the firewall will stop blocking most of these TCP/UDP requests that the router was configured to forward as it assumes they are for your application,(in this case utorrent).
A stateful firewall or router needs more than just an open port to start forwarding packets. Packets also need to be part of an existing session, else they are discarded. This is the reason why typical malware bots, port scans, and other random unsolicited traffic are completely foiled by a router or simple Windows XP firewall.
 

Ceewan

Famished
Jul 23, 2008
9,151
17,033
I think you are confusing firewalls and routers. Windows XP firewalls are inefficient and there are very few firewalls available that offer such limited protection. Maybe you should take the Firewall leak test using the link I provided. You assuredly didn't try the Peerblock test. I still suggest trying Peerblock as it also blocks outgoing connections, something the Windows XP Firewall won't even do. As far as routers go they all work a little differently, what router do you use? Nice wiki links but you are wrong as far as I'm aware, a router sends packets to an address not a program. Is your router integrated into you personal computer? never heard of that, it kind of defeats the purpose of a router doesn't it? A router is designed to connect a network to the internet and firewall capabilities are for the most part incidental, although admittedly effective. It is not meant to replace a software firewall,(but does compliment a good one).



I might try the Netstat program, I will look into that, thanks.
 

Rollyco

Team Tomoe
Oct 4, 2007
3,556
34
I think you are confusing firewalls and routers.
A router with stateful packet inspection (i.e. most consumer models on the market) that's not in DMZ mode and a stateful ingress firewall like the one in Windows XP perform exactly the same function: blocking unsolicited incoming packets. You can't call the XP firewall inefficient because it does exactly that, and it does it well.

Maybe you should take the Firewall leak test
Why? That test doesn't examine ingress, only egress. And I don't use an egress firewall at the moment.

I still suggest trying Peerblock
Also don't need it. In my opinion, IP lists of that nature serve a (dubious) purpose only for those people who feel they are likely targets of copyright infringement notices. They don't do a bit of good against botnets and malicious IPs. There are too many and change too frequently.

a router sends packets to an address not a program.
To an address and a port. Which is the same thing as saying "to an application on a computer."

Nice wiki links
Yep. You should read them sometime. :tea:
 

Ceewan

Famished
Jul 23, 2008
9,151
17,033
Yeah I read the links. I only thanked you for them because I was trying to be polite. You should try that sometime.

If you are so convinced of yourself I guess there is no use continuing this on my part. Not surprised this discussion was fruitless but I am disappointed. Like a firewall is expected to do you block any unwanted information and only allow that which you are interested in. Of course nothing works like we expect it to so I had hopes you might be willing to exchange information and not just give it. An Ingress only firewall is a piece of shit because information goes in two directions, especially when using P2P, but in all other cases as well. So only being concerned what is coming in and not going out of your computer sounds ignorant to me. So I tried to change your mind, unsuccessfully.

You have a right to your opinion of course and I hope you enjoyed it but I was not impressed. Be well and enjoy the day and those to come ahead of you.

Ceewan
 

shadeofgray

Active Member
Sep 22, 2009
316
242
Ceewan,
please don't take it personally, but Rollyco is correct. I wanted to explain further but I realized I would just be echoing his words. Quite recently I behaved like an asshole on this forum and now at the risk of sounding pretentious, I would like you to take the following advice as friendly because that's what it is.

If you're really interested in computer networks, I suggest that instead of reading dozens of wiki and other pages across the web (which you should always take with a grain of salt), you take a book like amply titled Computer Networks, 4th Edition (long but easy to read, and with clearly defined and rounded chapters) by Andrew S. Tanenbaum that will explain some fundamental concepts behind not only Internet but networks in general.

I know it may sound condescending but then you'll understand why while you talk about IP addresses and ports, Rollyco is talking about computers and applications; what he means by user-initiated session and by packets who need to be part of an existing session; and what are abstraction layers. You can probably find about all of this on wikipedia, but it's no match to a good book.