Sarif

How to open and close ports ??


Good day

Does anyone know of any good software that I can use to close open ports?

On my Linux box everything is just like I want it, but on Windows I can't get them to close. I am getting a little bit sick and tired of Windows.

So, do any of you guys know how to close open ports in Windows?

The other thing is: do I need to worry about open ports in OS 7 since I am using AirVPN? Or, as long as I am connected, am I ok?

One more question please. I just forwarded one port for my file sharing; do I need to close it after I am done, or just leave it open?

I did the forwarding through here.

Many thanks



Anyone?



Hello!

It's not completely clear what you want to achieve. Perhaps some clarifications are necessary.

First of all, it must be clear what a port (in networking) is. Wikipedia provides an outstanding, great, precise definition in the article http://en.wikipedia.org/wiki/Port_%28computer_networking%29 :

"In computer networking, a port is an application-specific or process-specific software construct serving as a communications endpoint in a computer's host operating system. The purpose of ports is to uniquely identify different applications or processes running on a single computer and thereby enable them to share a single physical connection to a packet-switched network like the Internet. In the context of the Internet Protocol, a port is associated with an IP address of the host, as well as the type of protocol used for communication.

The protocols that primarily use ports are the Transport Layer protocols, such as the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP) of the Internet Protocol Suite. A port is identified for each address and protocol by a 16-bit number, commonly known as the port number. The port number, added to a computer's IP address, completes the destination address for a communications session. That is, data packets are routed across the network to a specific destination IP address, and then, upon reaching the destination computer, are further routed to the specific process bound to the destination port number.

Note that it is the combination of IP address and port number together that must be globally unique. Thus, different IP addresses or protocols may use the same port number for communication; e.g., on a given host or interface UDP and TCP may use the same port number, or on a host with two interfaces, both addresses may be associated with a port having the same number."

Therefore, a port is said to be "open" when all the following conditions are met:

1) it exists

2) packets to it are not dropped or rejected by any packet filtering tool

3) the process identified by the port replies

Condition 1 seems trivial, but please think about it. If there is no process identified by the host by a certain endpoint, there is no endpoint at all. The port does not exist, period. In common language this is one of the cases for which we say that "a port is closed".

When you remotely forward a port on our system, the VPN server will take care to forward packets to your VPN IP address:port number, so you will be able to have listening services (i.e. processes identified by a unique endpoint) behind our NAT. Thus:

- if your service does not run, our servers forward packets but your system will not reply because it does not know which process it should send the packets to: "the port is closed".

- if your service runs, but a packet filtering tool on your system rejects or drops packets, the port does exist but it is again "closed"

- if your service runs and your packet filtering tool does not reject or drop packets to it, but the port is not forwarded on our system, the VPN servers will drop the incoming packets from the Internet: the port is once again "closed" (from the external "Internet point of view")

- if your service runs, your packet filtering tool does not intercept packets to it, and the port is remotely forwarded on our system, the port is "open"

The problem you cite with Windows is probably due to the fact that by default a lot of processes (identified by an endpoint on the host) run without the user's awareness; therefore a lot of ports "are open" by default. If the process associated with the port has one or more vulnerabilities, it may become the target of an attack: by sending packets to that port (i.e. by communicating with the vulnerable process) an attacker could exploit such vulnerabilities for various purposes, including taking root control of the machine where such process runs (with privilege escalation, or with some intentional overflow, just to make two random examples). Hence the basic rule: not running processes that you do not need is the first, simplest way to "close a port", even before setting up a packet filtering tool.

When you're connected to our service, by default "all ports are closed". This means that the VPN server will not forward anything to your VPN IP. However, this does not mean that ALL of your host ports "are closed". For example, if your computer is behind a router NAT (a very common case), AND you have processes running on the computer and listening on the physical network card, AND you forward ports on your router matching the same endpoints as those processes, packets can reach those processes through those other forwarded ports. In general, when you are connected to a VPN server you should not forward ports on the router. Not only is it useless, because the VPN tunnel bypasses your router NAT as well as your ISP NAT (if any), but it is also potentially dangerous. In particular, if you forward the SAME port numbers both on the VPN and on your router, and you have a process listening on those ports, correlation attacks become possible.

Kind regards


Many thanks for explaining this to me.

I can only confirm what you're saying as far as: if it is used, then it is open (port) in Linux. But just like I said, and you also mentioned it, Windows is my problem. I did netstat and I saw that there were almost 90 open ports. I would say that is too many ports open for no reason.

This is what I was thinking about.

Many thanks
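The staff reply above ties an "open" port to a process that is actually listening on it, and the poster's netstat showed roughly 90 such ports on Windows. As an added example (not code from the thread, from AirVPN, or from any tool they name), the Python script below parses a constructed sample of Windows `netstat -ano` output and groups listening ports by owning PID, separating loopback-only sockets from those bound to all interfaces, so the process behind each network-reachable port can be identified and stopped if it is not needed.

```python
from collections import defaultdict

# Constructed sample of Windows `netstat -ano` output (made up for this example,
# not the poster's real output). Paste the real output in its place to use it.
SAMPLE_NETSTAT = """
Active Connections
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:49670        0.0.0.0:0              LISTENING       5012
  TCP    192.168.1.20:51234     93.184.216.34:443      ESTABLISHED     7788
  TCP    [::]:135               [::]:0                 LISTENING       912
  TCP    [::1]:49671            [::]:0                 LISTENING       5012
  UDP    0.0.0.0:5353           *:*                                    1800
  UDP    127.0.0.1:1900         *:*                                    3344
"""
LOOPBACK = {"127.0.0.1", "::1"}  # sockets bound here are unreachable from the network

def split_endpoint(addr):
    """Split 'host:port' or '[v6host]:port' into (host, port)."""
    host, _, port = addr.rpartition(":")
    return host.strip("[]"), int(port)

def listening_ports(text):
    """(proto, host, port, pid) for sockets accepting inbound packets: TCP rows in LISTENING state, every UDP row."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        if parts[0] == "TCP":
            if len(parts) < 5 or parts[3] != "LISTENING":
                continue  # established/closing connections are not open ports
            pid = int(parts[4])
        else:
            pid = int(parts[3])  # UDP rows have no State column
        host, port = split_endpoint(parts[1])
        rows.append((parts[0], host, port, pid))
    return rows

def exposure_report(text):
    """Group listening ports by PID; 'reachable' = bound to a non-loopback address (the port exists for remote hosts)."""
    report = defaultdict(lambda: {"loopback_only": set(), "reachable": set()})
    for proto, host, port, pid in listening_ports(text):
        bucket = "loopback_only" if host in LOOPBACK else "reachable"
        report[pid][bucket].add((proto, port))
    return dict(report)

if __name__ == "__main__":
    for pid, p in sorted(exposure_report(SAMPLE_NETSTAT).items()): print(pid, sorted(p["reachable"]), sorted(p["loopback_only"]))
```

Each PID printed with a non-empty "reachable" set is a process that creates a port satisfying condition 1 of the reply above; on Windows, `tasklist /FI "PID eq <pid>"` shows which executable that is.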

