Go Back   Tech Support Forum > Networking Forum > Security and Firewalls

Port Forwarding Security Risks

This is a discussion on Port Forwarding Security Risks within the Security and Firewalls forums, part of the Tech Support Forum category. No one has ever been to answer this question for me. In order to play some games online or to


Closed Thread
 
Thread Tools Search this Thread
Old 10-23-2006, 10:51 AM   #1
Registered Member
 
Join Date: Oct 2006
Location: Oregon, USA
Posts: 204
OS: Windows 8 64



No one has ever been to answer this question for me. In order to play some games online or to host games online it is required to forward some ports in the router.

I am wondering if these ports are completely open all the time or are they only open for the program in question? The way I see it if a hacker wants to get into a PC the easiest way is to start with gameing ports. If this is the case then there is no reason to be behind a router. Are the millions of gamers with ports forwarded vulnerable or more vulnerable?

XP Pro SP2 (current updates)
ZAISS (current updates)

__________________
Damage_Inc is offline  
Old 10-24-2006, 05:59 AM   #2
Microsoft MVP
 
johnwill's Avatar

Microsoft Most Valuable Professional
 
Join Date: Sep 2002
Location: S.E. Pennsylvania, US
Posts: 50,845
OS: Windows 7, XP-Pro, Vista, Linux

My System

They are open all the time. However, they're not as much of a security risk as you might think as a rule, since if the game is not running, there is no listener at the other end to compromise.

If you're concerned, you can always enable the Windows firewall on the machine the ports are forwarded to when you're not playing the game.

__________________
If TSF has helped you, Tell us about it! or Donate to help keep the site up!

Microsoft MVP - Windows Desktop Experience
johnwill is offline  
Old 10-24-2006, 10:36 AM   #3
Registered Member
 
Join Date: Oct 2006
Location: Oregon, USA
Posts: 204
OS: Windows 8 64


Hello, thanks for the responce. You say they arent as much of a risk as I might think. So are you saying no ones ever thought of this before? I find it unlikely. Would you be able to explain a bit about how an open port isnt much of a risk if the game isnt running? I am curious and web searches havent left me with anything relevant.

Could you go into more detail about why a hacker would not specifically target popular open ports on computers? Why they are or aren't much of a risk. As far as my concern, no one else is concerned about it so I dont see any reason to worry as well. However I am curious to the real risks.
__________________
Damage_Inc is offline  
Old 10-24-2006, 06:15 PM   #4
Microsoft MVP
 
johnwill's Avatar

Microsoft Most Valuable Professional
 
Join Date: Sep 2002
Location: S.E. Pennsylvania, US
Posts: 50,845
OS: Windows 7, XP-Pro, Vista, Linux

My System

The way that open ports are normally used to gain entry is to use some exploit (weakness) of the application that is connected to that port. If no application is connected to that port, all communications to the port fall on the floor. That makes it difficult to make much headway in gaining access.
__________________
If TSF has helped you, Tell us about it! or Donate to help keep the site up!

Microsoft MVP - Windows Desktop Experience
johnwill is offline  
Old 10-25-2006, 04:12 PM   #5
Registered Member
 
Join Date: Oct 2006
Location: Oregon, USA
Posts: 204
OS: Windows 8 64


Thank you, johnwill. Your info is appreciated :)
__________________
Damage_Inc is offline  
Old 10-26-2006, 11:50 AM   #6
Microsoft MVP
 
johnwill's Avatar

Microsoft Most Valuable Professional
 
Join Date: Sep 2002
Location: S.E. Pennsylvania, US
Posts: 50,845
OS: Windows 7, XP-Pro, Vista, Linux

My System

Glad we could help.
__________________
If TSF has helped you, Tell us about it! or Donate to help keep the site up!

Microsoft MVP - Windows Desktop Experience
johnwill is offline  
Old 10-30-2006, 07:48 PM   #7
Registered User
 
Join Date: Oct 2006
Posts: 2,088
OS: XP Pro



Quote:
The way that open ports are normally used to gain entry is to use some exploit (weakness) of the application that is connected to that port. If no application is connected to that port, all communications to the port fall on the floor.
johnwill, your assurance of "safety" is based on the times when the game is not being run.

Is it possible that an exploit could be found in the programming of the game/application that would allow access to more than just the game itself ?

It occurs to me that game programmers may not be "security" people, and might have weak protections.

Have you (or anyone else) ever heard of an application (like a game) being used as a means of breaching security and "hacking" into someone's computer ?
__________________
Girderman is offline  
Old 10-31-2006, 01:20 PM   #8
Microsoft MVP
 
johnwill's Avatar

Microsoft Most Valuable Professional
 
Join Date: Sep 2002
Location: S.E. Pennsylvania, US
Posts: 50,845
OS: Windows 7, XP-Pro, Vista, Linux

My System

Sure, anything's "possible". I've never heard of that happening, but I'm not a computer gamer, so I don't travel in those circles.

Truthfully, open ports aren't that much of a security issue for the most part, especially the relatively oddball ones that most games use.

My defense against hackers is my router's firewall, current AV and spyware protection, and LOTS of backups that are off-line.
__________________
If TSF has helped you, Tell us about it! or Donate to help keep the site up!

Microsoft MVP - Windows Desktop Experience
johnwill is offline  
Old 11-14-2006, 10:12 PM   #9
Registered Member
 
Join Date: Oct 2006
Location: Oregon, USA
Posts: 204
OS: Windows 8 64


I have another question along these lines. Even if my firewall is turned off OR (not and) I am on the DMZ and run the game with ports forwarded even then I am safe as long as the game isnt compromised, aka has no exploits.
__________________
Damage_Inc is offline  
Old 11-14-2006, 10:30 PM   #10
Registered User
 
Join Date: Oct 2006
Posts: 2,088
OS: XP Pro


My unqualified opinion is yes. How else would the traffic take place ? Something would have to be actively monitoring for when the game is active, and then take advantaged of the open port(s) using the program somehow, given the premise is that the game has no exploits. Guess it could be modified somehow in memory maybe.

There'd be the issue of leaving a signature of the modified file for malware scanners to find, but if this is a (rare) method, seems like that not be a great risk.

I was just (10 minutes ago) reading about how Googles equivalent of "MySpace" (something called "orkut") had an exploit run on it where orkut users opened jpeg files which then installed malware which sniffed out bank account numbers and mailed them off. Also, redistributed the jpeg files to infect other machines.

Quote:
The worm steals users' banking details, usernames and passwords by propagating through orkut. The attack was triggered as users launched an executable file disguised as a JPEG file. The initial executable file that causes the infection installs two additional files on the user's computer. These files then e-mail banking details and passwords to the worm's anonymous creator when infected users click on the "My Computer" icon.
http://en.wikipedia.org/wiki/Orkut
__________________
Girderman is offline  
Old 11-15-2006, 05:34 AM   #11
aka mr.fraggs
 
Fr4665's Avatar
 
Join Date: Nov 2004
Location: USA or Germany
Posts: 2,963
OS: Win XP,Vista,Android

My System

Send a message via ICQ to Fr4665 Send a message via AIM to Fr4665 Send a message via MSN to Fr4665 Send a message via Yahoo to Fr4665
what DMZ does is it basically sets that IP with that computer infront of the router not giving it a firewall and the port forwarding doesnt help there because its totaly open to any ports.

Game ports usually start around the 4 digits and up like wc3 with 6112 and counter-strike with 27015. there are no applicable uses for any telnet server or pinger to go through those ports.

one that wants to gain access goes through the ftp port 21 or the http port 80 or some other port that is automatically open when you connect to the net.

watch out when using irc as thers alot of little script kiddies trying to get a hold of your rig using irc ports.
__________________
I don't subscribe to threads please PM me if i miss a reply.
-------
Everest SensorView Pro DriverCleaner how to fix your game
Fr4665 is offline  
Old 11-19-2006, 10:10 AM   #12
TSF Team Emeritus, Networking Team
 
Cellus's Avatar
 
Join Date: Aug 2006
Location: Canada
Posts: 2,665
OS: Windows Vista Business SP1, Windows XP Professional SP3

My System

As John said, it's not so much the open port that is the exploit but the application/utility running behind it that's using it. Some popular applications and utilities use particular ports, and exploits using those ports are trying to exploit those programs.

There are ways to obfuscate those trying to scan you for open ports by holding certain services on a port that differs from the default or by using firewalls.

By the way regarding that exploit on Orkut, it's not exploiting JPEG files but trying to hide from the user the fact that that JPEG is actually an executable. I could have a virus on an executable called [i]readme.txt.exe[/url] and if you did not have full file extensions enabled on Windows Explorer you'd think it was a text file.
__________________
TSF Networking Team

Virus/Trojan/Spyware Removal Help
Donate!
Cellus is offline  
Old 11-19-2006, 12:51 PM   #13
Microsoft MVP
 
johnwill's Avatar

Microsoft Most Valuable Professional
 
Join Date: Sep 2002
Location: S.E. Pennsylvania, US
Posts: 50,845
OS: Windows 7, XP-Pro, Vista, Linux

My System

IMO, one of the larger security risks is the ability to hide file extensions, it's something that I disable for anyone I work with right out of the box.
__________________
If TSF has helped you, Tell us about it! or Donate to help keep the site up!

Microsoft MVP - Windows Desktop Experience
johnwill is offline  
Old 11-19-2006, 01:03 PM   #14
Registered User
 
Join Date: Oct 2006
Posts: 2,088
OS: XP Pro


Quote:
By the way regarding that exploit on Orkut, it's not exploiting JPEG files but trying to hide from the user the fact that that JPEG is actually an executable.
This is new to me. I have heard of "malware being hidden within jpeg files" and understood that to mean that within the 1's & 0's of the actual data there was an executable that would launch when the digital image was opened.

But from what Cellus is saying, it sounds like that is not the case; that the malware is just a "garden variety" virus that happens to have an extra extension to hide the file's true capabilities.

Do I have this right ?

If this is the case, then I would assume that these types of malware will never actually present some kind of image, and so if a file IS an image, one could also assume it was malware free ?
__________________
Girderman is offline  
Old 11-19-2006, 04:43 PM   #15
Microsoft MVP
 
johnwill's Avatar

Microsoft Most Valuable Professional
 
Join Date: Sep 2002
Location: S.E. Pennsylvania, US
Posts: 50,845
OS: Windows 7, XP-Pro, Vista, Linux

My System

Many phishing schemes depend on the fact that most users have file extensions hidden, so they send a file that's named something like

bargains.txt.exe

They also make the program icon the same as notepad, so it looks like a text file if you have file extensions hidden. When you double click it, it runs the virus payload.
__________________
If TSF has helped you, Tell us about it! or Donate to help keep the site up!

Microsoft MVP - Windows Desktop Experience
johnwill is offline  
Old 11-20-2006, 01:35 AM   #16
Registered Member
 
Join Date: Oct 2006
Location: Oregon, USA
Posts: 204
OS: Windows 8 64


Quote:
Originally Posted by johnwill View Post
IMO, one of the larger security risks is the ability to hide file extensions, it's something that I disable for anyone I work with right out of the box.
Ok, how do I do this? :P Is it in XP or my browser? I use FF2.0 primarily and occasionally IE when FF doesnt work.
__________________
Damage_Inc is offline  
Old 11-20-2006, 10:10 AM   #17
Microsoft MVP
 
johnwill's Avatar

Microsoft Most Valuable Professional
 
Join Date: Sep 2002
Location: S.E. Pennsylvania, US
Posts: 50,845
OS: Windows 7, XP-Pro, Vista, Linux

My System

Windows Explorer, Tools, Folder Options, and uncheck the option shown.
Attached Thumbnails
Click image for larger version

Name:	file.jpg
Views:	58
Size:	57.1 KB
ID:	9290  
__________________
If TSF has helped you, Tell us about it! or Donate to help keep the site up!

Microsoft MVP - Windows Desktop Experience
johnwill is offline  
Old 07-28-2010, 06:13 PM   #18
Registered Member
 
Join Date: Jul 2010
Posts: 1
OS: Mac OS X 10.5.8



Well, people definatley take the security risk too seriously. There are some definate aspect that need to be taken into account. Take Warcraft 3 for example, it needs ports 6112-6119 open, in order to host games.
-The Ports are ONLY open while the game is running. Once the game closes, he ports close.
-Once you've opened the ports you can turn your firewall back on, this will block almost all of the malicious intent, including that which may be attempting to enter through the ports.
-The games in warcraft 3 are only ten minutes, more or less. This means that a hacker would need to get in in 10 minutes, which is very hard just through warcraft 3 even without a firewall enabled, because warcraft 3 provdes no information about each user except their names.
-Lastly, with the thousands of ports available, the 8 that are opened ar 99.9% likely not to be targeted by malicious software.

Hope this helps, there really isn't much risk at all.
__________________
Jim Petterec is offline  
Old 07-28-2010, 08:22 PM   #19
Moderator Offline
 
Basementgeek's Avatar
 
Join Date: Feb 2005
Location: Ohio, USA
Posts: 11,625
OS: XP Pro SP3/Vista Ultimate SP2/Win7 64 bit



Closing this old post.

BG

__________________

ASAP member since 2006

Four boxes keep us free: the soap box, the ballot box, the jury box, and the cartridge box.

Basementgeek is offline  
Closed Thread

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2


All times are GMT -7. The time now is 09:11 AM.


Copyright 2001 - 2014, Tech Support Forum

Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts