Open Router Ports & Their Security Implications [Technology Explained]
An open router port is the term used to refer to a virtual door allowing specific data in or out of your router. One example of a port is the most popular port 80. Port 80 is used for HTTP or Web traffic. If port 80 is closed outbound for your computer, then you would not be able to get to the Internet. Think of a port as a door. And the door has rules that let people through one way, both ways or prohibits them from passing through.
According to Wikipedia: A software port (usually just called a ‘port’) is a virtual/logical data connection that can be used by programs to exchange data directly, instead of going through a file or other temporary storage location. The most common of these are TCP and UDP ports, which are used to exchange data between computers on the Internet.
Most people know what FTP is. FTP is the File Transfer Protocol. It is designated to run on port 21.
Now let’s think about this. If you want to have a FTP server on your computer that is accessible to the outside world you will need to open port 21 on your router or firewall. Bittorrent Client Azerus uses inbound and outbound ports 6881-6889 below is how I opened them on my Dlink router.
To open a port on your network you would log into your router or firewall. You will need this IP address and username/password to connect. Once you are in, you would look for the firewall portion of your interface. If this is over your head, go to Port Forward and they will walk you through it. All you need is your router’s make and model. Your firewall or router might call it Applications, Rules , Virtual Servers or Firewall rules.
Over the years more and more applications function over the Internet or network. About 7 years ago I needed to open ports on my Linksys router and it was not easy. It was confusing to me and at the time I was opening ports left and right on Cisco PIX firewalls and manually creating incoming and outgoing rules. To see all computers that are connected to your computer and the ports they are connected to go to the command prompt and type Netstat -a.
The third and forth columns are what we are looking at. The third column has the address of the machine that is connected to your machine then there is a colon and the port number this machine has connected or is trying to connect on. The last column states either Listening or Established. Listening means the port is open and waiting and Established means that the machine is connected.
The reason that the manufacturers made it so difficult to open ports was security concerns. By opening ports on your router you are essentially unlocking a window or door to your home. The bad guys might not know it is unlocked but by trying it, they might figure it out.
To give you an example of how opening ports can harm you, I will share with you my first time I got hacked. It was not a proud moment. It was humbling and an eye opener. I came home from work to check why I could not get to my FTP on my home computer from work. My machine was on and it looked like the hard drive was going crazy. Once I logged on to the machine I saw that my free space was at less than 1% and my machine was crawling due to no free space issues.
Apparently someone used my open port 21 to gain access to my IIS based FTP server and upload crap loads of porn. I quickly took my machine offline and checking the log files, was going in and out of the machine all day and night with a new user set up.
By opening port 21 there was a way into my machine and using some exploit they took it over. I saw that the hackers were connecting from specific IP addresses – I blocked those in my router and then I modified my rules.
All my rules now have source IP addresses, No longer will I open a port to everyone – I will add my office IP address and work around that. Another nifty tip is to use different port numbers than the usual ports. When I say usual ports I mean port 80 is normally used to access the web but you can change the port your webserver uses to 8888 via IIS. They you would need to type in http://www.yoururl.com:8888 if the user did not know the port they could not find the website.
I used 3737 for FTP for a while. The reason this helps is that hackers scan networks for open ports. Port scanning takes time and so they scan for ports like 21,22,80,8080 and other commonly used ports. If you are able to change your ports do so. In this instance I then accessed my FTP site using my IP and the port like so:
ftp://172.23.33.211:3737 (that is a fake IP address for you hackers out there!)
Most FTP clients allow you to change the port your client connects with as well. You can use a free port scanner from an outside computer like this one or you can use a service like Can You See Me to scan individual ports.
The external website is a better test as it shows what is open from the outside in.
One you confirm that you have ports open that you want to close you will need to go to your router and find the rules and delete them or you can turn on your Windows Firewall from your services manager. For total control download Zone Alarm’s free offering. The firewall will provide you with protection from threats inside and outside your network.
How do you safely open ports and protect yourself from threats? Share your opinions with us in the comments!