Re: What's wrong with opening a port on the firewall?

From: Jason Edwards (none1_at_invalid.invalid)
Date: 02/18/05


Date: Fri, 18 Feb 2005 14:33:38 -0000


"Sander Smith" <sander_smith@hotmail.com> wrote in message
news:Xns9601559025565sandersmithhotmailco@216.196.97.142...
> I have a bit of a not-so-naive question I hope I can get answered. In
> general, I think there's a lot of fear from users to opening a port on
> their router/firewall because of security concerns. I'd like to
> understand the exact reason for this.

Human nature.
Fear of the unknown.
Media hype.
Misunderstanding.

Ask 10 home users what an open port is. Get 10 contradictory answers.

>
> Now I can understand that if some clueless person installs some
> questionable application on his Windows machine and opens up a port on
> his router so that it can work, he's opening himself up to a lot of
> trouble.

Possibly. It depends on what this application is offering to other people on
the Internet and whether it has any vulnerabilities such as a buffer overrun
or misconfiguration which allows anyone to use it instead of only the
intended person.

> But what is the real problem of doing this?

There isn't one if you know what you're doing.

> I understand that a
> buggy app or an unpatched (or even patched!) Windows environment probably
> has loads of exploitable problems that hackers can find and do damage
> with.

This is true. Set up Windows 2000 RTM as a web server listening to the
Internet. It will get owned in a matter of hours. Days at most.

>
> But what if the thing listening on the other end of the open port was
> some hardware device based on Linux and running some Java app. Assuming
> that all of that were relatively safe, would I still need to worry about
> the open port boogeyman?

I have various Windows boxes with up to four ports listening to the
Internet.
I've had no problem in six years.
I also have one of these listening to the Internet
http://www.maxim-ic.com/TINIplatform.cfm

>
> What about DOS attacks? If I have a relatively strong and locked down app
> that will turn away everyone that I can't authenticate, how much more
> susceptible to DOS attacks am I vs. if I simply keep my router closed?

It depends on what you mean by a DOS attack.
If you get a real Denial of Service attack then it's likely that you already
know why you are getting such an attack. Ask yourself whether or not anyone
might have any reason to send a DOS attack your way. In most cases there is
not likely to be any reason and therefore no need to worry about DOS
attacks.
If you're turning away anyone who can't authenticate then I can see no
reason to worry as long as it's not trivial to crack or obtain passwords or
other useful information.

>
> Finally, I know that opening ports is hard because most people don't know
> how to configure their router. Can't you use something like UPnP to do
> this automatically?

Many people view UPnP as a security risk but this may be partly due to hype
over certain Windows vulnerabilities which were fixed long ago.

> But then again, how automatically can it be? Can apps
> just open router ports by themselves, or do they need to prompt the user
> for a password first?

I don't use UPnP but you're not going to be prompted for anything if you do
use it, as far as I know.

Jason

>
> Sander Smith


