In computer networking a port is a software construct serving as a communications endpoint in a computer's host OS.
10
votes
4answers
2k views
Dangers of opening up a wide range of ports? (mosh)
Why do we generally configure firewalls to filter out all traffic that we don't specifically allow? Is this just an extra layer of security for defense-in-depth that buys us nothing if we are not ...
7
votes
3answers
2k views
How to listen to all ports (UDP and TCP) or make them all appear open (linux)
I got an external Debian server. The problem is that my university campus doesn't allow connections to go outside when the port is different than TCP port 22, 80, 443, or UDP port 123. I tested them ...
7
votes
2answers
693 views
ports blocked by firewall and not the server
I was asked this question at an interview and i wasn't sure about the answer. The question was "suppose you were checking the open ports on a particular webserver which was behind a firewall, how ...
5
votes
2answers
211 views
How should an outgoing connection white-list be created?
I see my previous question was closed as duplicate of Why block outgoing network traffic with a firewall?. The answers that everyone agree with mention the value of blocking outgoing connections (to ...
4
votes
3answers
435 views
How to figure out which open ports or services are insecure?
We have around one thousand machines on internet. We do port scanning with nmap, and find many ports open on these machines. Sometime we found administrative website using HTTP instead of HTTPS, we ...
4
votes
2answers
268 views
Is it good practice to manually lock down ports on each host
We have a strong perimeter firewall. Would it make sense to still use IPTables on each host to hard block any and all ports except for the ones that are needed (DNS, 80 for the web server, nagios ...
4
votes
2answers
7k views
How do hackers take advantage of open ports as a vector for an attack?
It is widespread knowledge, and therefore a common practice, to close open ports on any machines connected to the internet.
If for example, a typical program uses port xyz as it's communication ...
4
votes
4answers
574 views
How can I scan open ports without being traced back
I would like to scan open ports of a server. But as far as I know, when I try to scan the open ports with something like nmap in shell they would be able to trace me. Is there a way to secure this ...
3
votes
2answers
303 views
If a port is closed how come you can still use it?
What does it actually mean for a port to be closed or stealthed? According to tests I've run all my ports (tested) are stealthed but clearly I can still use the internet. Also are the terms "blocked" ...
3
votes
3answers
731 views
Which of these ports are safe to leave open, which are not?
I just ran nMap against my IP address and got the following result:
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
80/tcp open http
443/tcp open https
...
3
votes
3answers
201 views
Is there is a way to lock my USB port over the device physically?
Is there is a way to lock my USB port over the device physically ?
For example I am connecting the USB mouse and keyboard on an public computer but I do not want anyone to remove them physically. I ...
3
votes
2answers
290 views
How helpful is rkhunter?
I have a software firewall implemented on my server, and I have closed all unnecessary ports. I have strong passwords, and I validate user input on my website.
With these things already in place, do ...
3
votes
1answer
415 views
How does OS detection work in practice?
I was wondering how OS detection really works on Nmap. I know it is about to send different tcp probes to see how the target machine responds to them.
But what kind of probes would distinguish a ...
3
votes
2answers
306 views
Detect what is running on an open port?
I have a wireless camera in my network. Running nmap on the camera, I discovered that the port 1010 is open but I could not find what it is used for. I looked in the administration pannel and did not ...
3
votes
2answers
67 views
Auditing Existing Socket Connection
Is there any way to interact with a program's socket traffic without installing Winpcap?
I understand that the one listening program per port is a restriction regarding TCP/IP, but I guess I'm more ...
3
votes
2answers
127 views
How to practically detect current system net traffic?
I know that some viruses or trojans can install rootkits or bootkits to change system's normal behaviour; AFAIK for example filter queries for running processes or even hide active TCP ports.
My ...
2
votes
5answers
164 views
How to bypass Nmap blockage?
I rent a server, and my provider seems to be blocking nmap. Is there any other tools I could use to test my home network from the outside?
Also, does blocking nmap on a network provide any security?
...
2
votes
2answers
188 views
Tools/methods helping to determine application/protocol serving specific port
I do blackbox testing of the server and figured out that there is a bunch of listening ports. I need to determine what services/protocols those ports are used for.
What I've tried so far is to use ...
2
votes
3answers
157 views
Closed Port security
I have what I think is a security IT question (I'm more of a programmer myself).
Assuming I am running a dedicated machine (say a PC) for a single program, meaning that the only port visible and open ...
2
votes
2answers
358 views
how to identify p2p on network
Im trying to work out if the traffic in the below image is P2P file sharing?
If you notice the source ports are all random but the time 17.24 from c.port 58338 runs for a good length maybe about 400 ...
2
votes
4answers
2k views
Router Ports open
What ports on my home router should be open, say if I'm only using it for browsing the internet. Right now these four are open,
23/tcp open telnet
53/tcp open domain
80/tcp open http
...
2
votes
3answers
248 views
Is it really better to use port 80 or 443 for outgoing traffic in order to bypass user firewall?
I recently created a reverse connection shell in C#. I tested it with some computers and I noticed that some computers connected back correctly and I established connection with them but another ...
2
votes
1answer
546 views
Is opening both TCP/UDP less secured than just TCP or UDP when needed and why?
If application needs opened port X UDP, or X TCP combination. Is there any potential risk by opening both UDP/TCP as I usually am not sure which one the application uses?
2
votes
1answer
151 views
Unknown Service Identification
How can one identify a service running on a non-standard port? I'm not talking about services like webserver or FTP since nmap can do that without any problems. I'm talking about services that are not ...
2
votes
1answer
459 views
Analyzing wireshark results (openvpn)
I signed up to Mullvad for VPN service, and manually run OpenVPN from my Linux box.
I rebooted my computer and make sure not to start any OpenVPN service. Yet when I did a Wireshark analysis I am ...
2
votes
1answer
147 views
How should I audit and monitor shared TCP ports in Windows?
Windows has a feature called .NET TCP Port Sharing which allows different .NET applications to share the same TCP/IP port.
I would like to monitor the source and destination connections of each ...
2
votes
2answers
2k views
Does portforwarding present a risk to anonymity?
AirVPN by default has all ports closed but allows port-forwarding. I think this is required for P2P. Is this a threat to anonymity (e.g. would the person at the other end of the P2P transmission know ...
2
votes
1answer
2k views
Detected Port Scanning Attack in ESET Smart Security
I receive a number of notifications from ESET Smart Security about Port Scanning attack. But I'm behind a router. But as far as I know, computers behind a router is not accessible from others (Please ...
2
votes
0answers
43 views
Could you attack a port without knowing what service was listening? [duplicate]
A lot of discussion I see suggests that changing default ports for services is just "security by obscurity" and is easily defeated by scanning for open ports.
My question is this, though, if the ...
1
vote
4answers
229 views
What configuration will allow another computer in the internet to probe my computer's ports?
I've just tested my computer with Gibson's port scan test:
The test results stated that my system is "uncommon". It also said that my computer deliberately chose not to return. But I did not do any ...
1
vote
2answers
443 views
SUN Remote Procedure Call Port 111 [closed]
I have found on my machine port 111 is open. This is listed as RPC.
I understand there are possible attacks on this port. How can my machine be attacked if port 111 is open?
How can I secure this ...
1
vote
3answers
349 views
Bibliography of attacks by port scanning techniques
I have to present a paper and make a presentation about the principal types of attacks by port scanning. What literature do you recommend to cover enough information about: types of attacks, port ...
1
vote
2answers
1k views
Why is system32/ntoskrnl.exe blocking port 80?
Today I've tried to start the Visual Studio Developer IIS as usual on Port 80, but this time it has quit with an error that port 80 is already in use. With netstat I've found out, that an application ...
1
vote
3answers
401 views
How to check if a port can be accessed from the outside
I want to be sure that the firewall protecting the intranet is effectively rejecting/granting access to a port. I have no access to the firewall nor any other external machine.
Is that possible at ...
1
vote
2answers
140 views
Spike in TCP port 5904 activity - what for?
There is an 'Internet Weather Report' on the Threat!Traq video blog by AT&T security researchers. In the March 14th broadcast, at around 31 minutes in, they mention an increase of scanning ...
1
vote
2answers
133 views
How to configure iptables for must open ports?
On my machine there are web services which can be accessed from any PC connected to the same network segment (WiFi for example). I want to use IPtables on the machine to prevent any web services from ...
1
vote
2answers
304 views
When can closing port 80 be a problem?
Since port 80 is typically used for HTTP must a web server have it open or otherwise configure links to specify a different port (e.g. http://www.example.com:8080/mypage.html)? For example this site ...
1
vote
1answer
100 views
Vulnerability by leaving an open port in a pc
I have the following set-up.
Home pc ---reverse ssh tunnel---> to linux server
The reverse ssh tunnel is set-up so that on my home pc, port 22 is open, but I have nothing currently listening on that ...
1
vote
1answer
468 views
Nmap port scan and FTP bounce
Suppose that there is a network of machines, and there is a server with ftp server that allows ftp bounce.
I do a nmap scan on the network nmap -sC -some other parameters network address.
Does nmap ...
0
votes
3answers
270 views
Is it possible to “close” a port by dos'ing it?
If I see port 25 is open, but I dont have access to the program running the smtp server, could It be flooded with enough information to make it unusable (but not affect any other services)?
0
votes
4answers
111 views
SYN scan victim sending back RST
I'm confused on the case of SYN scan and closed ports (the case of open ports makes sense). So, the attacker sends a ~40 byte SYN packet, a "closed port" would send a RST packet back to the attacker ...
0
votes
2answers
239 views
Unexplained downloading
I was just watching as my bandwidth monitor spiked downloading a file. I checked my current netstat and I didn't recognize one of the IPs so I started capturing the data with Wireshark.
The ...
0
votes
3answers
89 views
How can i reject connection from LAN and WAN to some ports?
Scanning with nmap, I discovered that there are 3 open ports on my server. I want to deny any access to these ports from any machine, regardless of whether it is on the same LAN or via WAN. How do I ...
0
votes
2answers
144 views
can a backdoor executable be used on an occupied port?
Suppose I am doing a penetration test on a network that has a firewall that blocks all ports except 80, 110, and 443. I want to use a metasploit reverse-TCP backdoor executable written in msfpayload ...
0
votes
1answer
72 views
Ports used by Online Email Accounts such as Yahoo Mail, Gmail etc
Let us say that I send an email using Yahoo Mail or Gmail. Can this email be intercepted using a packet sniffer?
On which port does the email travel? HTTP, SMTP, POP3?
Thank you.
0
votes
2answers
74 views
Security implications of forwarding ports 1-10000 on Airport Express?
Today I found that ports 1-10000 were being forwarded on an Airport Express that I as well as a fair number of other people share. This was setup by another user. There are multiple machines and ...
0
votes
1answer
91 views
how is my router being modified to include WAN port-binding items for Teredo and Spotify [closed]
My router's configuration app (browser-interface) has a page for Virtual Server. It has entries I did not create, at least not intentionally using the interface, for Teredo, Skype, Spotify, uTorrent.
...
0
votes
1answer
329 views
Telnet local privilege escalation exploits possible even when telnet is running under a normal user account?
http://www.exploit-db.com/exploits/8055/ says:
The telnet protocol allows to pass environment variables inside the
telnet traffic and assign them to the other side of the tcp connection.
The ...
0
votes
0answers
91 views
Tool too scan open ports on a firewall [closed]
How can we check which ports are open on a firewall that use header flags?
Any free tool that sends packets to the host to map these ports?
0
votes
0answers
22 views
Security value of restricting ports for outgoing connections [duplicate]
Possible Duplicate:
Why block outgoing network traffic with a firewall?
Please provide a clear explanation of what the value would be for this? If you have set up a firewall that blocks all ...
