What is an Open Port?

If I have an application that is listening on a specific port, such as Outlook Express is below on port 3182, does that mean this port is OPEN and vulnerable to attack?

 

Thanks, Ron. I have port info. What I'm asking is if an application is considered to be listening to a specific port, is that specific port considered to be open and vulnerable to attack?

 

That's exactly my question. It seems that is has to be OPEN for the application to use it, but does that mean the bad guys can hack in via that port?

For example, I've got a weather application on my PC that is constantly listening on a specific port. That application is ON all the time. So does that mean someone could scan my PC with a port scanner, find that port is open, hack into it?

 

There is an FAQ at the Outpost forum that tries to explain this - Online Scans - What to do with Open and Closed Ports. Hope it helps.

 

\

Great site, P2K. And that post authored by a well-informed person.

 

GRC didn't list that port in their tests. I wonder if there is a way to test a specific port using TDS-3. I'll bet there is - I'll do some reading.

 

The simple answer to your question is no. To say that an application is "listening" to a port means that the operating system has reserved the port for that application. It does not mean that it is visible to or worse accessible to the outside, i.e., a probe of the port will elicit a response that the port is open and available to accept data, or merely closed, meaning the port responds that it exists, but will not accept incoming data.

To give a more concrete example, I utilize a program called Port Explorer (whose forum happens to be here at Wilders). It currently shows that I have some operating system components, my browser, my antispam program and my ad eliminating program listening to various ports.

However, I use a software firewall (Looknstop) and when I test my computer on sites such as http://grc.com, (being careful to bypass the wireless router which itself has a firewall) it shows that all my ports are "stealthed." This means that an incoming probe will not get any response at all from the port, as if the port were not even there.

So, the bottom line is that merely because a program is "listening" does not necessarily mean that program is holding open the port to outside probes. This isn't to say that the port isn't open or merely closed. It's only to say that it isn't automatically open. To insure your ports are closed, or even better "stealthed" you need a good hardware or software firewall. Your footer indicates you use ZoneAlarm Pro, so if you have it configured correctly, you are probably set on that front.

In response to your wishing to check on ports with numbers higher than 1056, I believe the auditmypc web site allows testing all 65,535 ports.

 

If the port is not detected by a scan site then it is very likely not open to the outside world. If an application opens a port but accepts connections from localhost only (127.0.0.1), then no outsider is going to be able to exploit it (and you can block non-localhost access via your firewall for that application to be doubly sure).

As for your weather application, as long as it is initiating the requests for information then it should not be open to attackers (an attacker could try hijacking any existing network connection though - doable but tricky). Only those applications that accept unsolicited incoming traffic (you would have to give them server rights in ZoneAlarm and they should then be visible as open ports to scanners) offer an obvious entry route for any attacker.

If you really want to test your system security, then you need to do it from another PC and use a port scanner like Nmap.

 

Thanks to both of you. I do have ZA configured with no applications given INTERNET ZONE server rights. Except for svchost.exe. - and only from a specific IP address for the purposes of allowing for automatic time updates. It sounds as if I can assume that even in this example for someone to hack in the attacker would have to originate from that specific IP that I've given inbound access to. Am I understanding this correctly?

 

Hello again, profhsg.

I ran a very comprehensive test on the AUDITMYPC site. Passed with flying colors. But I'm wondering if this is a test of my hardware firewall, and not ZA. The IP address tested was my modem's IP, and not my PC (modem/router uses NAT). I'm not sure how to bypass my modem/router (one in the same). I have a wired network (not wireless).

 

I'm not really sure how to do it for your exact setup. For me, it's easy. I just plug the cable from my DSL modem directly into my laptop's LAN port, thereby bypassing the wireless router. Many routers and modems allow the user to configure the device to either disable the NAT or to set up what's called a DMZ (any device which is assigned to the DMZ is not subject to the router/modem's hardware firewall). All I can suggest is to look at your router/modem's documentation to see if either of these things can be done and how to do them. I'm sorry I couldn't be more helpful. Perhaps another forum participant can take it from here.

 

Daisey... Dead easy to scan 3182 at GRC... to to the site... now, where you select the Ports to scan.. you will see a blank empty box, type in the port number and select 'User Specified Custom Port Probe' and click that.. it will scan ANY port you enter.

TAS

 

Here...

 

As far as I understand it.. all Ports can be classed as Open, from the INSIDE looking out.. as per "Listening" unless you specifically CLOSE/BLOCK a Port manually like with gkweb's WWDC.exe 445, 1025, 135-139 ports it CLOSES.

It's from the Outside looking back in that it's Closed... exactly like your home with tinted windows.

You can lock the windows, but be looking out, no one can see in. Unless you Open them.

TAS... Just my 0.02 worth

 

You're correct - you are testing your modem. There are 2 ways around this (outlined in the FAQ I linked to above) - configure your modem/router temporarily to pass all unsolicited traffic to your PC (this may be referred to as port forwarding or creating a DMZ) or using a dial-up connection for the duration of the scan.

 

Hi

You will have to forgive me since it is early and my new job only requires swapping boards and not troubleshooting to the component level so I am rusty.

If you look at this electronicly, the port can only be either open or closed.
The port is really only a light switch that is turned OFF ( open circuit but closed port) or ON ( closed circuit but open port) LOL
when an application is LISTENING to a port it can do it a few different ways.
a bad way to be to actualy pulse the port on and off to see if there is any info there or the better way would be to electronicly look at the logic state of the port gate. The software goest out to the I/O and looks at the input of the gate and says to itself ok if the input is this condition, the gate is open or closed.
One thing I can't remember is if it is a logic high or logic low that turns the gate ( PORT ) on lol
let's just say if one motherboard manufacturer decided to use a different type
I/O interface they may be using a logic low to turn on the gate and not a high
this would be confusing to software trying to figure out if the gate ( port ) is open or closed.

well now that I have confused us all I will go drink more coffee


Bruce

 

Daisey,

I think you should stop worrying so much, between your use of ZAP with no programs having server rights (minus your one exception of course) and being behind a router or hadware firewall you are more than adequately secure in your internet travels. So relax, and cheer up, Its football season, there are much more important things to worry about. Go Cowboys!!

From a current Texan, sorry you had to leave this great state.

 

GO VIKINGS!!!!!!!!!!!!!!

 

LOL an open port is kind of like being caught with your pants down.

 

Pants down for an open port? Sure glad these pixels don't show that! This group might all be arrested!

Seriously, having any security concerns like ports that are exposed and educating ourselves about them is a very healthy thing to do! Most people I know are very much ignorant of safe computing practices.

 

Your probably right, flyrfan111. But it's good to know, and this is a great place to learn.

Amen to that!

Wasn't my choice.

 

Yes it is a great place to learn, and I'll bite, what happened? or should I start a new thread for that? or a PM.