Open UDP Ports

Discussion in 'Port Explorer' started by krutz, Nov 30, 2003.

Thread Status:
Not open for further replies.
  1. krutz

    krutz Registered Member

    Joined:
    Nov 30, 2003
    Posts:
    2
    Hi!

    I have two general questions about ports/sockets:

    Is an open socket (listed in Port Explorer as "listening UDP - local address 192.168.253.100/1030 (my pc) - remote 194.8.194.60/53 (netcologne.de/DNS)" really fixed to the remote the IP? What happens if any other ip sends data to this open port? - In case it will be ignored, who ignores it? The Windows TCP/IP-Stack or will the data get dropped by the program which opened the port?

    I have a Palm and the program (hotsync.exe) who syncs the data between the handheld and my pc opens a udp port listening at local address 0.0.0.0/14237 and remote *.*.*.*/* ... what does that mean? Is it an half open port (maybe the socket creation process is not completed?) where only the local part defined is? Can any IP/Port send Data to it? Im a little bit confused about that... :)

    Thanks in advance!
     
  2. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi krutz

    ...welcome to Wilders :)

    Your example would appear to be a valid DNS request by your system. Your system initiated the DNS request using local port 1030 to remote address 194.8.194.60 on remote service/port 53 (DNS). The local port on your system would be "fixed" to this remote address and port as long as it takes for the established DNS querry to finish. Once the established connection is finished the local port (1030) is closed.

    If you have a firewall in place, any unsolicited packets and those not part of a valid connection would be dropped/blocked.

    hotsync.exe is acting as a server on your system and opened UDP port 14237 in order to listen for inbound connections from the Palm. If your system is not protected by a firewall, this UPD port would be open to the network (Internet), and vulnerable to any exploits hotsync.exe may have.

    Regards,

    CrazyM
     
  3. krutz

    krutz Registered Member

    Joined:
    Nov 30, 2003
    Posts:
    2
    Thank you very much for your answers.
     
  4. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    Nothing more to say, good post CrazyM :)

    -Jason-
     
  5. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Great Answer Crazy M :)

    Port Explorer is one very good user friendly tool, certainly helped me understand a lot more about the pitfalls of open connections and other port interactions.
     
  6. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    The HELP file is very instructive in that too, good read
     
Thread Status:
Not open for further replies.