ABXZone Computer Forums



Old 10-11-2004, 06:04 PM   #46
Registered User
 
Join Date: Nov 2003
Posts: 13,497

Quote:
Originally Posted by TCM
may i ask what the problem is with a connection attempt to the port that's normally used by a trojan if you don't run that trojan? that's not an attack.

of course, if the possibility exists that you actually run that trojan, then you have other problems already.
It isn't a problem as long as the port is at least blocked and even better stealthed. If a port isn't blocked, you don't need a trojan to actually be in residence, an attacker can get access via any open port. While some trojans do act as responders on open ports, others simply call out without needing anything to trigger it. BTW, by blocked, I mean to both inbound and outbound communications. That's why SPI is important as well as having a software firewall which blocks at the program/service/dll level as well.

Old 10-11-2004, 06:07 PM   #47
MD of Technology
 
 
Join Date: Nov 2002
Location: Canada
Posts: 604
hmm... I see.


If I have an open port for a given app in my router, but also have a software firewall, can ONLY the program destined for that port communicate, or can an attacker get through? I would think that my software firewall blocks these, as I get occasional security intrusion attempts on opened ports, logged by NIS.
__________________
Azproc

ASUS P5W DH Deluxe - 1101 - Intel Core 2 Duo E6400 - 2x512MB OCZ PC2-5400 Gold XTC 4-4-4-12 - Seagate 7200.10 320GB - soon to be replaced ASUS EN5750 128MB - Thermaltake TR2 430W - 17 Samsung 710N - XP Pro SP2

Gigabyte GA-8KNXP - F12 - Intel P4 2.4C HT @ 2.88GHz, 240MHz Clock using 5/4 - 2X512MB OCZ Plat. 3200 Dual running 2/3/2/5 - SB LIVE 5.1 - Seagate SATA 120GB - former ATI (BBA) X850XT @ 554/591 - now XFX 7800GS Xtreme @ 460/1350 Thermaltake 480W FC - 20.1 Viewsonic VX2025WM LCD - XP Pro SP2 - 3DMARK 03/05/05 = 11708/5739/5860
Old 10-11-2004, 06:09 PM   #48
The race for quality has no finish line- so technically, it's more like a death march.
 
Join Date: Feb 2001
Posts: 18,159
In case you wanted to lookup the ports being scanned, this link will tell you what the expected usage of the port is: http://www.iana.org/assignments/port-numbers

Run netstat -a at the command prompt to get an idea of what ports are currently active on your computer.
Old 10-11-2004, 06:11 PM   #49
MD of Technology
 
 
Join Date: Nov 2002
Location: Canada
Posts: 604
Thanks for the link... a good favourite to add. Still wondering about the question above though.
Old 10-11-2004, 06:12 PM   #50
Registered User
 
Join Date: Nov 2003
Posts: 13,497
Quote:
Originally Posted by azproc
hmm... I see.


If I have an open port for a given app in my router, but also have a software firewall, can ONLY the program destined for that port communicate, or can an attacker get through? I would think that my software firewall blocks these, as I get occasional security intrusion attempts on opened ports, logged by NIS.
You are correct. And that is the reason why Stateful Packet Inspection (SPI) is an important factor in any hardware firewall. SPI acts as a "one way door", allowing inbound packets on open ports only if they are in response to an outbound request. Unrequested packets cannot pass through a router with SPI even if the port is open. And, as I indicated above, that is why you still need a software firewall which operates on a program level, permitting only allowed programs to access the internet. A hardware firewall cannot tell what program originates a packet request.
Old 10-11-2004, 06:15 PM   #51
TCM
Registered User
 
Join Date: Sep 2001
Posts: 82
Quote:
Originally Posted by PCBruiser
If a port isn't blocked, you don't need a trojan to actually be in residence, an attacker can get access via any open port.
this is just plain wrong. can we please stop spreading misinformation as if it were true?

are you saying that every web site, every mail server, every machine out there with an open port could easily be broken into if just someone wanted to? my bank has port 80 and 443 open on their web server. i have port 25 and 80 open on my computer.

how do you get access now?

hint: read above where i talked about applications _and_ the necessity to have a security hole in that application.

edit: added the first part of the sentence to the quote. a port is only open if an application is listening on it. if you don't run a trojan, then the port must have been opened by some other program and even then this program would have to have a security hole to pose a threat.
Old 10-11-2004, 06:21 PM   #52
MD of Technology
 
 
Join Date: Nov 2002
Location: Canada
Posts: 604
Quote:
Originally Posted by PCBruiser
SPI acts as a "one way door" allowing inbound packets on open ports only if they are in response to an outbound request. Unrequested packets cannot pass through a router with SPI even if the port is open.
I think you need to read between the lines TCM... PCB said it here. It is part of what I asked. This is what you're trying to say isn't it?
Old 10-11-2004, 06:23 PM   #53
TCM
Registered User
 
Join Date: Sep 2001
Posts: 82
Quote:
Originally Posted by azproc
hmm... I see.


If I have an open port for a given app in my router, but also have a software firewall, can ONLY the program destined for that port communicate, or can an attacker get through? I would think that my software firewall blocks these, as I get occasional security intrusion attempts on opened ports, logged by NIS.
there's a misconception in there. you referred to "open port" when you probably meant "forwarded port". "open" usually refers to ports with the state "LISTEN" in the output of netstat -a.
Old 10-11-2004, 06:26 PM   #54
MD of Technology
 
 
Join Date: Nov 2002
Location: Canada
Posts: 604
I have "open" ports in my software firewall (i.e. port 80)... Yes, the router uses "forwarded ports".
Old 10-11-2004, 06:27 PM   #55
TCM
Registered User
 
Join Date: Sep 2001
Posts: 82
Quote:
Originally Posted by azproc
I think you need to read between the lines TCM... PCB said it here. It is part of what I asked. This is what you're trying to say isn't it?
actually, that part of PCB doesn't really make sense when i think about it.

let's see.

Quote:
SPI acts as a "one way door" allowing inbound packets on open ports only if they are in response to an outbound request. Unrequested packets cannot pass through a router with SPI even if the port is open.
an open port doesn't initiate requests but it sounds like that.

edit: after thinking some more i can only guess what PCB meant. when a computer initiates a connection to another computer, then it uses a source port for that connection. so when you connect with your browser to host1 port 80, the connection might look like yourip:65432 -> host1:80. that does NOT mean that port 65432 on your computer is "open" in the sense that it is set to the LISTEN state and accepts connections from the outside.

Last edited by TCM : 10-11-2004 at 06:36 PM.
Old 10-11-2004, 06:30 PM   #56
TCM
Registered User
 
Join Date: Sep 2001
Posts: 82
Quote:
Originally Posted by azproc
I have "open" ports in my software firewall... Yes the router uses "forwarded ports".
wrong. if you "open" a port in a firewall you are just telling the firewall "don't block it". that still means the underlying operating system has to have that port "open" aka LISTEN in netstat -a. if i forward port 12345 on my router to my pc and also tell the (imaginary) firewall on my pc to not block port 12345, then there's still no open port since i don't run any program that listens on that port.

in effect, the port is still closed when probed from the outside, i.e. the operating system's network stack replies with RST.
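To make the distinctions in posts #50, #55 and #56 concrete, here is a small model written for this thread (not any poster's code): a router with SPI and forwarding, a PC whose LISTEN ports map to programs, and a program-level software firewall. It shows why an inbound reply to the browser's ephemeral source port is allowed, why an unsolicited probe to that same port is dropped, why a forwarded port with no listener answers RST, and why the software firewall still matters. All IPs, ports and program names are constructed.

```python
from collections import namedtuple
from dataclasses import dataclass, field

# Constructed model of the setup discussed in the thread: a PC behind a router
# with SPI plus a program-level software firewall. Example code, not any
# poster's; every IP, port and program name below is made up.
Packet = namedtuple("Packet", "src_ip src_port dst_ip dst_port")

@dataclass
class Host:
    ip: str
    listening: dict = field(default_factory=dict)   # port -> program in LISTEN state
    allowed: set = field(default_factory=set)       # programs the software firewall permits

@dataclass
class SpiRouter:
    forwarded: set                                   # ports forwarded to the LAN host
    state: set = field(default_factory=set)          # (local_port, remote_ip, remote_port)

    def outbound(self, pkt):
        # Track the flow so its reply can return. The source port is ephemeral;
        # it never enters LISTEN, so it is not an "open" port in netstat terms.
        self.state.add((pkt.src_port, pkt.dst_ip, pkt.dst_port))

    def inbound(self, pkt, host):
        if (pkt.dst_port, pkt.src_ip, pkt.src_port) in self.state:
            return "allowed: reply to an outbound request"
        if pkt.dst_port not in self.forwarded:
            return "dropped: unsolicited and not forwarded (stealthed)"
        program = host.listening.get(pkt.dst_port)
        if program is None:
            return "RST: forwarded, but no program is in LISTEN (closed)"
        if program not in host.allowed:
            return "blocked: software firewall denies " + program
        return "delivered to " + program

def demo():
    pc = Host("192.168.1.10", listening={80: "webserver", 25: "mailer"}, allowed={"webserver"})
    router = SpiRouter(forwarded={80, 25, 12345})
    router.outbound(Packet("192.168.1.10", 65432, "203.0.113.5", 80))  # browser -> host1:80
    probes = {
        "reply": Packet("203.0.113.5", 80, "192.168.1.10", 65432),
        "ephemeral": Packet("198.51.100.7", 4444, "192.168.1.10", 65432),
        "forwarded_no_listener": Packet("198.51.100.7", 4444, "192.168.1.10", 12345),
        "not_forwarded": Packet("198.51.100.7", 4444, "192.168.1.10", 445),
        "denied_program": Packet("198.51.100.7", 4444, "192.168.1.10", 25),
        "open": Packet("198.51.100.7", 4444, "192.168.1.10", 80),
    }
    return {name: router.inbound(p, pc) for name, p in probes.items()}
```

Call `demo()` to get the verdict for each probe; the `ephemeral` case is TCM's point that a source port in use is not the same as a listening port.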
Old 10-11-2004, 06:36 PM   #57
MD of Technology
 
 
Join Date: Nov 2002
Location: Canada
Posts: 604
Notice that I say that I have a program accessing that port in addition to having it "open" or "forwarded" for the lack of any arguments.
Old 10-11-2004, 06:42 PM   #58
TCM
Registered User
 
Join Date: Sep 2001
Posts: 82
Quote:
Originally Posted by azproc
Notice that I say that I have a program accessing that port in addition to having it "open" or "forwarded" for the lack of any arguments.
do you actually mean the program uses that port to listen for incoming connections? "accessing that port" sounds like the program is not on your computer.

your general confusion with basic terms makes it hard to understand what you mean and it shows a huge deficiency in understanding of concepts.

really, making it necessary to correct every statement due to misuse of basic terms prevents any real discussion.
Old 10-11-2004, 06:47 PM   #59
Enjoying the discourse!
 
 
Join Date: Jan 2004
Posts: 3,519
Quote:
Originally Posted by pointreyes
In case you wanted to lookup the ports being scanned, this link will tell you what the expected usage of the port is: http://www.iana.org/assignments/port-numbers

Run netstat -a at the command prompt to get an idea of what ports are currently active on your computer.
You guys must be able to read fast, as when I type that in, the window is only there for a fraction of a second! Is there a way to make it stay open?
__________________
La la la la la...I'm lovin it! Bigmac please
Old 10-11-2004, 07:04 PM   #60
Who me???
 
 
Join Date: Jun 2003
Location: Vancouver, Canada
Posts: 325
The best and easiest way to stealth all of your ports and get a perfect rating at Shields Up!! is to enable DMZ on your router and point it to a non-existent IP address in the range of your gateway but NOT one of the IP's on your LAN.
__________________

MY MACHINE : Intel Q6600 | ASUS Maximus Premium | 8GB G.SKILL DDR2-1000 | EVGA 8800GTS 512mb | X-Fi Platinum | Enermax Infiniti 720 | Samsung 245BW 24"

KIDS MACHINE : Intel Xeon 3060 | Intel BadaXe2 | 4GB Team Xtreem DDR2-800 | BFG 8800GT OC | Audigy 2 ZS | OCZ GameXStream 850 | Samsung 204B 20"