Jump to content
Not connected, Your IP: 18.188.113.185
Sarif

How to open and close ports ??

Recommended Posts

Good day

 

Does any one know of any good software , that i can use to close open ports ??

 

On My Linux Box every is just like i want it , But on windows I cant get them to close , I am getting a little bit sick and tired of Windows ,

 

So any u guys know how to close oep ports in windows ??

 

The other thing is do I need to worry about open ports in OS 7 since i am using AirVPN ?? or as long as I am connected i am ok ??

 

One more Question Please , I just Forwarded one port for my File sharing ,, do i need to close it after i am don ?? or just leave it open ??

 

I did the Forwarding through here ,,..

 

many thanks


     9yzTU300x300.png                                                                                      visa1.png                  

Share this post


Link to post

any1 ????


     9yzTU300x300.png                                                                                      visa1.png                  

Share this post


Link to post

Hello!
 
It's not completely clear what you want to achieve. Perhaps some clarifications are necessary.
 
First of all, it must be clear what a port (in networking) is. Wikipedia provides an outstanding, great, precise definition in article http://en.wikipedia.org/wiki/Port_%28computer_networking%29 :
 
"In computer networking, a port is an application-specific or process-specific software construct serving as a communications endpoint in a computer's host operating system. The purpose of ports is to uniquely identify different applications or processes running on a single computer and thereby enable them to share a single physical connection to a packet-switched network like the Internet. In the context of the Internet Protocol, a port is associated with an IP address of the host, as well as the type of protocol used for communication.

 

The protocols that primarily use ports are the Transport Layer protocols, such as the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP) of the Internet Protocol Suite. A port is identified for each address and protocol by a 16-bit number, commonly known as the port number. The port number, added to a computer's IP address, completes the destination address for a communications session. That is, data packets are routed across the network to a specific destination IP address, and then, upon reaching the destination computer, are further routed to the specific process bound to the destination port number.

 

Note that it is the combination of IP address and port number together that must be globally unique. Thus, different IP addresses or protocols may use the same port number for communication; e.g., on a given host or interface UDP and TCP may use the same port number, or on a host with two interfaces, both addresses may be associated with a port having the same number."

 

Therefore, a port is said to be "open" when all the following conditions are met:

 

1) it exists

2) packets to it are not dropped or rejected by any packet filtering tool

3) the process identified by the port replies

 

Condition 1 seems trivial but please think about it. If there is no process identified by the host by a certain endpoint, there is no endpoint at all. The port does not exist, period. In common language this is one of the cases for which we say that "a port is closed".

 

When you remotely forward a port on our system, the VPN server will take care to forward packets to your VPN IP address:port number so you will be able to have listening services (i.e. processes identified by a unique endpoint) behind our NAT. Thus:

 

- if your service does not run, our servers forward packets but your system will not reply because it does not know which process it should send the packets to: "the port is closed".

- if your service runs, but a packet filtering tool on your system rejects or drops packets, the port does exist but it is again "closed"

- if your service runs and your packet filtering tool does not reject or drop packets it, but the port is not forwarded on our system, the VPN servers will drop the incoming packets from the Internet: the port is once again "closed" (from the external "Internet point of view")

- if your service runs, your packet filtering tool does not intercept packets to it, and the port is remotely forwarded on our system, the port is "open"

 

The problem you cite with Windows is probably due to the fact that by default a lot of processes (identified by an endpoint on the host) run without the user awareness, therefore a lot of ports "are open" by default. If the process associated to the port has one or more vulnerabilities, it may become the target of an attack: by sending packets to that port (i.e. by communicating with the vulnerable processes) an attacker could exploit such vulnerabilities for various purposes, including taking root control of the machine where such process runs (with privileges escalation, or with some intentional overflow just to make two random examples). Hence the basic rule: not running processes that you do not need is the first, simplest way to "close a port", even before than setting up a packet filtering tool.

 

When you're connected to our service, by default "all ports are closed". This means that the VPN server will not forward anything to your VPN IP. However, this does not mean that ALL of your host ports "are closed". For example, if your computer is behind a router NAT (very common case), AND you have processes running on the computer and listening to the physical network card AND you forward ports on your router matching the same endpoint of those processes, packets can reach those processes through that other forwarded ports. In general, when you are connected to a VPN server you should not forward ports on the router. Not only it is useless, because the VPN tunnel bypasses your router NAT as well as your ISP NAT (if any), but it is also potentially dangerous. In particular if you forward the SAME port numbers both on the VPN and on your router, and you have a process listening to those ports, correlation attacks become possible.

 

Kind regards

Share this post


Link to post

Hello!

 

It's not completely clear what you want to achieve. Perhaps some clarifications are necessary.

 

First of all, it must be clear what a port (in networking) is. Wikipedia provides an outstanding, great, precise definition in article http://en.wikipedia.org/wiki/Port_%28computer_networking%29 :

 

"In computer networking, a port is an application-specific or process-specific software construct serving as a communications endpoint in a computer's host operating system. The purpose of ports is to uniquely identify different applications or processes running on a single computer and thereby enable them to share a single physical connection to a packet-switched network like the Internet. In the context of the Internet Protocol, a port is associated with an IP address of the host, as well as the type of protocol used for communication.

 

The protocols that primarily use ports are the Transport Layer protocols, such as the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP) of the Internet Protocol Suite. A port is identified for each address and protocol by a 16-bit number, commonly known as the port number. The port number, added to a computer's IP address, completes the destination address for a communications session. That is, data packets are routed across the network to a specific destination IP address, and then, upon reaching the destination computer, are further routed to the specific process bound to the destination port number.

 

Note that it is the combination of IP address and port number together that must be globally unique. Thus, different IP addresses or protocols may use the same port number for communication; e.g., on a given host or interface UDP and TCP may use the same port number, or on a host with two interfaces, both addresses may be associated with a port having the same number."

 

Therefore, a port is said to be "open" when all the following conditions are met:

 

1) it exists

2) packets to it are not dropped or rejected by any packet filtering tool

3) the process identified by the port replies

 

Condition 1 seems trivial but please think about it. If there is no process identified by the host by a certain endpoint, there is no endpoint at all. The port does not exist, period. In common language this is one of the cases for which we say that "a port is closed".

 

When you remotely forward a port on our system, the VPN server will take care to forward packets to your VPN IP address:port number so you will be able to have listening services (i.e. processes identified by a unique endpoint) behind our NAT. Thus:

 

- if your service does not run, our servers forward packets but your system will not reply because it does not know which process it should send the packets to: "the port is closed".

- if your service runs, but a packet filtering tool on your system rejects or drops packets, the port does exist but it is again "closed"

- if your service runs and your packet filtering tool does not reject or drop packets it, but the port is not forwarded on our system, the VPN servers will drop the incoming packets from the Internet: the port is once again "closed" (from the external "Internet point of view")

- if your service runs, your packet filtering tool does not intercept packets to it, and the port is remotely forwarded on our system, the port is "open"

 

The problem you cite with Windows is probably due to the fact that by default a lot of processes (identified by an endpoint on the host) run without the user awareness, therefore a lot of ports "are open" by default. If the process associated to the port has one or more vulnerabilities, it may become the target of an attack: by sending packets to that port (i.e. by communicating with the vulnerable processes) an attacker could exploit such vulnerabilities for various purposes, including taking root control of the machine where such process runs (with privileges escalation, or with some intentional overflow just to make two random examples). Hence the basic rule: not running processes that you do not need is the first, simplest way to "close a port", even before than setting up a packet filtering tool.

 

When you're connected to our service, by default "all ports are closed". This means that the VPN server will not forward anything to your VPN IP. However, this does not mean that ALL of your host ports "are closed". For example, if your computer is behind a router NAT (very common case), AND you have processes running on the computer and listening to the physical network card AND you forward ports on your router matching the same endpoint of those processes, packets can reach those processes through that other forwarded ports. In general, when you are connected to a VPN server you should not forward ports on the router. Not only it is useless, because the VPN tunnel bypasses your router NAT as well as your ISP NAT (if any), but it is also potentially dangerous. In particular if you forward the SAME port numbers both on the VPN and on your router, and you have a process listening to those ports, correlation attacks become possible.

 

Kind regards

Many thanks for explaining this to me 

,,  I can only conform what ur saying  as far as if it is used then it is open (Port)  in linux   ,, But just Like I said and u also mentioned it   Windows is My problem  I did netstat  and i saw that there was almost 90 open ports   I would say that is to Many  ports open for no reason 

 

this is what I was thinking about 

 

Many thanks


     9yzTU300x300.png                                                                                      visa1.png                  

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...