What is an Open Port?

Discussion in 'other firewalls' started by Dazed_and_Confused, Sep 7, 2004.

Thread Status:
Not open for further replies.
  1. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    If I have an application that is listening on a specific port, such as Outlook Express is below on port 3182, does that mean this port is OPEN and vulnerable to attack? o_O
     

    Attached Files:

  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,779
    Location:
    Texas
  3. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
  4. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,779
    Location:
    Texas
    With a router and or firewall, I think not.

    Now that I said that, we should get a response.
     
  5. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    That's exactly my question. It seems that is has to be OPEN for the application to use it, but does that mean the bad guys can hack in via that port?

    For example, I've got a weather application on my PC that is constantly listening on a specific port. That application is ON all the time. So does that mean someone could scan my PC with a port scanner, find that port is open, hack into it?
     
  6. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,779
    Location:
    Texas
    Have you done a scan at grc.com with that port being open?
     
  7. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
  8. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
  9. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    GRC didn't list that port in their tests. I wonder if there is a way to test a specific port using TDS-3. I'll bet there is - I'll do some reading.
     
  10. profhsg

    profhsg Registered Member

    Joined:
    May 18, 2004
    Posts:
    145
    The simple answer to your question is no. To say that an application is "listening" to a port means that the operating system has reserved the port for that application. It does not mean that it is visible to or worse accessible to the outside, i.e., a probe of the port will elicit a response that the port is open and available to accept data, or merely closed, meaning the port responds that it exists, but will not accept incoming data.

    To give a more concrete example, I utilize a program called Port Explorer (whose forum happens to be here at Wilders). It currently shows that I have some operating system components, my browser, my antispam program and my ad eliminating program listening to various ports.

    However, I use a software firewall (Looknstop) and when I test my computer on sites such as http://grc.com, (being careful to bypass the wireless router which itself has a firewall) it shows that all my ports are "stealthed." This means that an incoming probe will not get any response at all from the port, as if the port were not even there.

    So, the bottom line is that merely because a program is "listening" does not necessarily mean that program is holding open the port to outside probes. This isn't to say that the port isn't open or merely closed. It's only to say that it isn't automatically open. To insure your ports are closed, or even better "stealthed" you need a good hardware or software firewall. Your footer indicates you use ZoneAlarm Pro, so if you have it configured correctly, you are probably set on that front.

    In response to your wishing to check on ports with numbers higher than 1056, I believe the auditmypc web site allows testing all 65,535 ports.
     
    Last edited: Sep 7, 2004
  11. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    If the port is not detected by a scan site then it is very likely not open to the outside world. If an application opens a port but accepts connections from localhost only (127.0.0.1), then no outsider is going to be able to exploit it (and you can block non-localhost access via your firewall for that application to be doubly sure).

    As for your weather application, as long as it is initiating the requests for information then it should not be open to attackers (an attacker could try hijacking any existing network connection though - doable but tricky). Only those applications that accept unsolicited incoming traffic (you would have to give them server rights in ZoneAlarm and they should then be visible as open ports to scanners) offer an obvious entry route for any attacker.

    If you really want to test your system security, then you need to do it from another PC and use a port scanner like Nmap.
     
  12. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Thanks to both of you. :) I do have ZA configured with no applications given INTERNET ZONE server rights. Except for svchost.exe. - and only from a specific IP address for the purposes of allowing for automatic time updates. It sounds as if I can assume that even in this example for someone to hack in the attacker would have to originate from that specific IP that I've given inbound access to. Am I understanding this correctly?
     
  13. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Hello again, profhsg. :)

    I ran a very comprehensive test on the AUDITMYPC site. Passed with flying colors. But I'm wondering if this is a test of my hardware firewall, and not ZA. The IP address tested was my modem's IP, and not my PC (modem/router uses NAT). I'm not sure how to bypass my modem/router (one in the same). I have a wired network (not wireless).
     
  14. profhsg

    profhsg Registered Member

    Joined:
    May 18, 2004
    Posts:
    145
    I'm not really sure how to do it for your exact setup. For me, it's easy. I just plug the cable from my DSL modem directly into my laptop's LAN port, thereby bypassing the wireless router. Many routers and modems allow the user to configure the device to either disable the NAT or to set up what's called a DMZ (any device which is assigned to the DMZ is not subject to the router/modem's hardware firewall). All I can suggest is to look at your router/modem's documentation to see if either of these things can be done and how to do them. I'm sorry I couldn't be more helpful. Perhaps another forum participant can take it from here.
     
  15. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    Daisey... Dead easy to scan 3182 at GRC... to to the site... now, where you select the Ports to scan.. you will see a blank empty box, type in the port number and select 'User Specified Custom Port Probe' and click that.. it will scan ANY port you enter.

    TAS
     

    Attached Files:

    • 091.GIF
      091.GIF
      File size:
      11.3 KB
      Views:
      573
  16. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    Here...:)
     

    Attached Files:

    • 092.GIF
      092.GIF
      File size:
      7 KB
      Views:
      573
  17. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    As far as I understand it.. all Ports can be classed as Open, from the INSIDE looking out.. as per "Listening" unless you specifically CLOSE/BLOCK a Port manually like with gkweb's WWDC.exe 445, 1025, 135-139 ports it CLOSES.

    It's from the Outside looking back in that it's Closed... exactly like your home with tinted windows.

    You can lock the windows, but be looking out, no one can see in. Unless you Open them.

    TAS... Just my 0.02 worth :)
     
  18. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    You're correct - you are testing your modem. There are 2 ways around this (outlined in the FAQ I linked to above) - configure your modem/router temporarily to pass all unsolicited traffic to your PC (this may be referred to as port forwarding or creating a DMZ) or using a dial-up connection for the duration of the scan.
     
  19. controler

    controler Guest

    Hi

    You will have to forgive me since it is early and my new job only requires swapping boards and not troubleshooting to the component level so I am rusty.

    If you look at this electronicly, the port can only be either open or closed.
    The port is really only a light switch that is turned OFF ( open circuit but closed port) or ON ( closed circuit but open port) LOL
    when an application is LISTENING to a port it can do it a few different ways.
    a bad way to be to actualy pulse the port on and off to see if there is any info there or the better way would be to electronicly look at the logic state of the port gate. The software goest out to the I/O and looks at the input of the gate and says to itself ok if the input is this condition, the gate is open or closed.
    One thing I can't remember is if it is a logic high or logic low that turns the gate ( PORT ) on lol
    let's just say if one motherboard manufacturer decided to use a different type
    I/O interface they may be using a logic low to turn on the gate and not a high
    this would be confusing to software trying to figure out if the gate ( port ) is open or closed.

    well now that I have confused us all I will go drink more coffee


    Bruce
     
  20. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    Daisey,

    I think you should stop worrying so much, between your use of ZAP with no programs having server rights (minus your one exception of course) and being behind a router or hadware firewall you are more than adequately secure in your internet travels. So relax, and cheer up, Its football season, there are much more important things to worry about. Go Cowboys!!

    From a current Texan, sorry you had to leave this great state.
     
  21. controler

    controler Guest

    GO VIKINGS!!!!!!!!!!!!!! :p
     
  22. tazdevl

    tazdevl Registered Member

    Joined:
    May 17, 2004
    Posts:
    837
    Location:
    AZ, USA
    LOL an open port is kind of like being caught with your pants down. :D
     
  23. steverio

    steverio Registered Member

    Joined:
    Jun 25, 2004
    Posts:
    161
    :eek: Pants down for an open port? Sure glad these pixels don't show that! This group might all be arrested! :D

    Seriously, having any security concerns like ports that are exposed and educating ourselves about them is a very healthy thing to do! Most people I know are very much ignorant of safe computing practices.
     
  24. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Your probably right, flyrfan111. :) But it's good to know, and this is a great place to learn.

    Amen to that! :D

    Wasn't my choice. :'(
     
  25. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    Yes it is a great place to learn, and I'll bite, what happened? or should I start a new thread for that? or a PM.
     
Loading...
Thread Status:
Not open for further replies.