Why is port forwarding more secure than opening up a port?

I have never understood this very well, here is my current grasp of it..

If I open up port 110 on my router:

1. If hacker is probing random IP addresses on that port, I will be flagged 
as open and he will come back and pay me a visit.

2. Any Trojans, viruses, or other malware that works its way into PCs via 
port 110 will eventually stumble across my open port and infect me.


Alternatively, if I "forward" port 110 to say 192.168.0.5 (my pop3 server 
PC):

1. If hacker is probing random IP addresses on that port, will I be 
flagged as closed? stealthed? worth a second visit?

2. Any Trojans, viruses or other port 110 malware will squirm through my 
router and arrive at 192.168.0.5??

Please can someone clear this up for me.

Thanks

Paul 


0
nospam21 (19047)
12/16/2004 1:03:55 PM

"Paul H" <nospam@nospam.com> wrote in message
news:%Ifwd.453$JI3.381@newsfe1-win.ntli.net...
> I have never understood this very well, here is my current grasp of it..
>
> If I open up port 110 on my router:
>
> 1. If hacker is probing random IP addresses on that port, I will be flagged
> as open and he will come back and pay me a visit.

Very unlikely. I'm not running anything on 110 here and I've forgotten when
I last saw anything directed at 110.

>
> 2. Any Trojans, viruses, or other malware that works its way into PCs via
> port 110 will eventually stumble across my open port and infect me.

What did you mean by "open up port 110 on my router"?
It does not follow that you can be infected just because a port is 'open'.

>
>
> Alternatively, if I "forward" port 110 to say 192.168.0.5 (my pop3 server
> PC):
>
> 1. If hacker is probing random IP addresses on that port, will I will be
> flagged as closed? stealthed? worth a second visit?

Well if you really do have a pop3 server on 192.168.0.5 then it will respond
like any pop3 server would. If you don't then it depends on how 192.168.0.5
responds, it will probably respond as closed.

>
> 2. Any Trojans, viruses or other port 110 malware will squirm through my
> router and arrive at 192.168.0.5??

If I were a personal firewall vendor I would say yes and you must buy my
firewall software immediately.
If I had a clue then I'd ask whether 192.168.0.5 is actually listening for
incoming connections to 110. Even if it is it does not follow that your
imaginary malware will be able to cause any problem. It would depend on
whether your pop3 server has any known unpatched security vulnerabilities
and whether or not the particular malware was designed to exploit such a
vulnerability.

Jason

>
> Please can someone clear this up for me.
>
> Thanks
>
> Paul
>
>


0
none2416 (182)
12/16/2004 3:39:53 PM
On Thu, 16 Dec 2004 13:03:55 GMT, Paul H spoketh

>I have never understood this very well, here is my current grasp of it..
>
>If I open up port 110 on my router:
>
>1. If hacker is probing random IP addresses on that port, I will be flagged 
>as open and he will come back and pay me a visit.
>
>2. Any Trojans, viruses, or other malware that works its way into PCs via 
>port 110 will eventually stumble across my open port and infect me.
>
>
>Alternatively, if I "forward" port 110 to say 192.168.0.5 (my pop3 server 
>PC):
>
>1. If hacker is probing random IP addresses on that port, will I will be 
>flagged as closed? stealthed? worth a second visit?
>
>2. Any Trojans, viruses or other port 110 malware will squirm through my 
>router and arrive at 192.168.0.5??
>
>Please can someone clear this up for me.
>
>Thanks
>
>Paul 
>

Well, "forward" usually implies allowing inbound connections, and the
term is mostly used with cheap NAT routers. "Open" usually refers to
allowing outbound connections. 

So, if you open (allow) outbound traffic on port 110, then an external
scan will not show anything on port 110. 

If you forward (allow) inbound traffic on port 110 to your pop3 server,
then an external scan will show that port 110 is open and accepting
connections. 


Lars M. Hansen
http://www.hansenonline.net
(replace 'badnews' with 'news' in e-mail address)
0
badnews (1010)
12/16/2004 11:51:06 PM
"Jason Edwards" <none@invalid.invalid> wrote in message
news:32doicF3krpteU1@individual.net...
> "Paul H" <nospam@nospam.com> wrote in message
> news:%Ifwd.453$JI3.381@newsfe1-win.ntli.net...
> > I have never understood this very well, here is my current grasp of it..
> >
> > If I open up port 110 on my router:
> >
> > 1. If hacker is probing random IP addresses on that port, I will be flagged
> > as open and he will come back and pay me a visit.
>
> Very unlikely. I'm not running anything on 110 here and I've forgotten when
> I last saw anything directed at 110.

   How are you getting your Email, if you are not running a mail server on
port 110?


0
12/17/2004 9:32:29 AM
"Charles Newman" <charlesnewman1@comcast.net.spammers.will.be.shot.on.sight>
wrote in message news:s-ednWtkntMyOl_cRVn-pg@comcast.com...
>
> "Jason Edwards" <none@invalid.invalid> wrote in message
> news:32doicF3krpteU1@individual.net...
> > "Paul H" <nospam@nospam.com> wrote in message
> > news:%Ifwd.453$JI3.381@newsfe1-win.ntli.net...
> > > I have never understood this very well, here is my current grasp of it..
> > >
> > > If I open up port 110 on my router:
> > >
> > > 1. If hacker is probing random IP addresses on that port, I will be flagged
> > > as open and he will come back and pay me a visit.
> >
> > Very unlikely. I'm not running anything on 110 here and I've forgotten when
> > I last saw anything directed at 110.
>
>    How are you getting your Email, if you are not running a mail server on
> port 110?

Sorry your question does not make any sense to me.

I do run my own SMTP server but I have nothing listening for incoming
connection requests from the Internet to port 110.

Jason.


0
none2416 (182)
12/17/2004 10:57:06 AM
Lars M. Hansen wrote:

> On Thu, 16 Dec 2004 13:03:55 GMT, Paul H spoketh
> 
>>I have never understood this very well, here is my current grasp of it..
>>
>>If I open up port 110 on my router:
>>
>>1. If hacker is probing random IP addresses on that port, I will be
>>flagged as open and he will come back and pay me a visit.
>>
>>2. Any Trojans, viruses, or other malware that works its way into PCs via
>>port 110 will eventually stumble across my open port and infect me.
>>
>>
>>Alternatively, if I "forward" port 110 to say 192.168.0.5 (my pop3 server
>>PC):
>>
>>1. If hacker is probing random IP addresses on that port, will I will be
>>flagged as closed? stealthed? worth a second visit?
>>
>>2. Any Trojans, viruses or other port 110 malware will squirm through my
>>router and arrive at 192.168.0.5??
>>
>>Please can someone clear this up for me.
>>
>>Thanks
>>
>>Paul
>>
> 
> Well, "forward" usually implied to allow inbound connections, and the
> term is mostly used with cheap NAT routers. "Open" usually refers to
> allowing outbound connections.
> 
> So, if you open (allow) outbound traffic on port 110, then an external
> scan will not show anything on port 110.
> 
> If you forward (allow) inbound traffic on port 110 to your pop3 server,
> then an external scan will show that port 110 is open and accepting
> connections.
> 
> 
> Lars M. Hansen
> http://www.hansenonline.net
> (replace 'badnews' with 'news' in e-mail address)

I see the main advantage for using NAT/PAT is this... A lot of servers in
small businesses run most of the services on the same server. Like the
server acts as a file, email, and web server. Only people in the office
need to access the file and web services on that PC, so they give the
server an internal IP and NAT ports 25 and 110 to it for external
connectivity. That would keep the 'outside world' from knowing or
accessing the file sharing and www services. If you only had POP and SMTP
running on the server with everything else closed off and a local firewall
running, why not put it on a DMZ (give it a public IP)? Basically, NAT if
you don't know exactly what you are doing, or if you have services running
that only internal users need access to. Oh yeah, and OS fingerprinting
and TCP sequence prediction might be a little more difficult if you had NAT
on... unless a connection to your SMTP server says 'HI I'M MICROSOFT SMTP
SERVICE'.

k
0
k
12/21/2004 8:36:04 PM
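Added example (not part of any post in this thread): a minimal TCP connect check for verifying your own forwarded port, showing the states the replies describe. A forward with a listening server reports open and returns the server's banner; a forward to a host with nothing listening reports closed. The `probe` and `demo` names, the loopback address standing in for the router's public address, and the banner text are assumptions constructed for illustration.

```python
import socket
import threading


def probe(host, port, timeout=2.0):
    """Classify one TCP port as a connect scan would; return (state, banner)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
    except ConnectionRefusedError:
        # RST came back: the packet was delivered but nothing is listening.
        s.close()
        return "closed", b""
    except OSError:
        # Timeout or ICMP unreachable: dropped on the way ("stealthed").
        s.close()
        return "filtered", b""
    try:
        banner = s.recv(128)  # POP3 and SMTP servers speak first
    except OSError:
        banner = b""
    finally:
        s.close()
    return "open", banner


def demo():
    """Run probe() against a constructed POP3-like listener on loopback."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve_once():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(b"+OK POP3 server ready\r\n")  # constructed banner

    t = threading.Thread(target=serve_once, daemon=True)
    t.start()
    with_listener = probe("127.0.0.1", port)
    t.join()
    srv.close()
    # Same port with the server gone: forwarded, but nothing is listening.
    without_listener = probe("127.0.0.1", port)
    return with_listener, without_listener


if __name__ == "__main__":
    print(demo())
```

Run `probe` from a machine outside your network against your router's public address to see what a forward actually exposes; the banner is the part that identifies the server software regardless of NAT.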