A port is only open if something is listening on that port and properly responding. In other cases ports would either be closed or, the far more common case, simply time out when contacted. Assuming you did not publish the socket info (IP:port combination) for anyone to know what exactly is behind it, this is my math on this:
AirVPN has got 243 servers, assuming he/she doesn't know to which of these you're connected – if you're even connected! One could make an educated guess and say "hmm, victim might be in EU because the forums profile says "Germany" (like in my case), so EU servers might be a priority". I'm an exception because that info is public, the vast majority don't publish that info. But let's just assume this for the model – it brings down the server list to 157 with a small percentage of assumption error. After all, could be that the victim breaks all rules and actually connects to servers across the globe all the time. (Or, one could assume "hmm, he might only use servers in his/her own country and its neighbours, latency and all that", that would bring the server list down to exactly 100 but also increase the risk of a false assumption.)
As there is no way to know to which of these servers your account is connected unless you a) are a team member with admin access to everything, a natural thing to have, as you'd agree, or b) enabled the API on your account (another little rabbit hole because the attacker needs the API key to access your info like that), the attacker would need to find out which of the 63000+ ports actually respond to connections – on every server. And if that doesn't deter one from scanning 100 * 63000 ports, or the fact that you will never know if the port you found was you or someone else running a Nextcloud behind it, then the fact that you will need to hack the hosted Nextcloud instance to know for sure most likely will.
And of course: How should the attacker know what exactly you're hosting?
Oh, and if that's not enough, know that no one in his/her right mind scans 63000 ports at once, like, in one batch. This would trigger even the simplest intrusion detection system, probably even that murky little shell script you wrote in haste without any form of quality control because you desperately needed it, and you needed it now. Once you started scanning from the lowest possible port, by the time you reach 9000 scanned ports someone could've connected and begun listening on an already scanned port. That someone could have been you.
It's so resource-intensive that I'd rather opt to send you spam mails with phishing links than trying that because I know I'll have way more success with stupid mails promising you enlargements of certain body parts. Still, whoever goes through all those hoops and additionally manages to abuse some vulnerability in the listening application, and it was his/her target to hack me all along, that will be the day I will willingly sell myself to slavery, out of respect for that kind of skill.
All that falls apart if you published that socket info somewhere publicly, like a game server list, under the same name as on these forums for example. Now they know who is hosting what, and the only challenge remaining is to exploit a vulnerability in that game to, I don't know, take over your game world, I suppose. Some things are simply not worth hacking into.
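As an added example (not part of the original post), this is roughly what "the simplest intrusion detection system" mentioned above looks like on the defender's side: flag any source that touches many distinct ports inside a short window. The log format, the thresholds and the function names are assumptions made for this sketch; the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def constructed_sample():
    """Constructed log lines 'ISO-time src_ip dst_port' (RFC 5737 example addresses)."""
    t0 = datetime(2024, 1, 1, 12, 0, 0)
    lines = []
    for i in range(30):
        ts = (t0 + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} 203.0.113.9 {9000 + i}")  # one new port per second
        lines.append(f"{ts} 198.51.100.7 443")        # ordinary client, same port
    return lines

def detect_scanners(lines, window=timedelta(seconds=60), max_ports=20):
    """Return {src_ip: time of first alert} for sources that contact more
    than max_ports distinct destination ports within the sliding window."""
    recent = defaultdict(deque)  # src -> (time, port) events still inside the window
    alerts = {}
    for line in lines:
        ts, src, port = line.split()
        now = datetime.fromisoformat(ts)
        events = recent[src]
        events.append((now, int(port)))
        # Drop events that have aged out of the window.
        while now - events[0][0] > window:
            events.popleft()
        distinct_ports = {p for _, p in events}
        if src not in alerts and len(distinct_ports) > max_ports:
            alerts[src] = now
    return alerts

if __name__ == "__main__":
    for src, when in detect_scanners(constructed_sample()).items():
        print(f"{when.isoformat()} possible port sweep from {src}")
```

The client that keeps returning to port 443 never trips the rule, because the rule counts distinct ports rather than connections.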