PDA

View Full Version : Port Forwarding, Any dangers?

Cormack
February 12th, 2006, 07:00 PM
I've just switched to an ISP that requires me to use a router, which is ofcourse a good thing.
However, i have no experience with routers but managed to set up a static IP and do some port forwarding for some internet games and applications.
But - correct me if i'm wrong - when i forward these ports they they will be open whenever i'm on the internet(?).
Does that mean that f.e a hacker can exploit these ports with ease or are they still protected by the router (and NAT)?

Secondly, i've read that UPnP is a security hole.
Is there any truth in this?
I mean, if it's secure enough UPnP would make all this port forwarding alot easier.

Last, i'm using Look'n'Stop for app control, is this and the router enough protection (antispy/malware and AV programs excluded)?
CrazyM
February 12th, 2006, 07:50 PM
Hi Cormack

... and welcome to Wilders :)

{QUOTE-> I've just switched to an ISP that requires me to use a router, which is ofcourse a good thing.
However, i have no experience with routers but managed to set up a static IP and do some port forwarding for some internet games and applications.
But - correct me if i'm wrong - when i forward these ports they they will be open whenever i'm on the internet(?). <-QUOTE}
Correct, as long as the router is connected to your ISP they will be open.

{QUOTE-> Does that mean that f.e a hacker can exploit these ports with ease or are they still protected by the router (and NAT)? <-QUOTE}
It is not the open/forwarded ports that are exploited, there has to be a service listening on those ports that is vulnerable or can be exploited. With port forwarding your game or application would have to running and listening on those ports before any exploit could be attempted.

{QUOTE-> Secondly, i've read that UPnP is a security hole.
Is there any truth in this?
I mean, if it's secure enough UPnP would make all this port forwarding alot easier. <-QUOTE}
If your games/applications are UPnP enabled, it would be an option to permanent port forwarding as it is more dynamic, allowing forwarded ports when required.

{QUOTE-> Last, i'm using Look'n'Stop for app control, is this and the router enough protection (antispy/malware and AV programs excluded)? <-QUOTE}
Yes it should be fine. You could modify your application rules in LnS so those inbound connections/rules are only active when the application(s) is running.

Regards,

CrazyM