
Background

To address a VoIP voice lag issue, my provider added port triggering rules for over 42,000 ports on my router, which seemed sloppy. And as I understand it, port triggering should only be able to resolve an inability to connect at all, not poor call quality once connected. But... the lag seems slightly better. So I'm weighing that possible improvement against any security risks.

Question

Consider a triggering range of 5060-6000 as an example. As I understand it, if my VoIP client initiates a connection to my VoIP provider over port 5061:

  • My router opens ports 5060-6000 for incoming traffic.
  • They remain open while the VoIP session is active, and probably briefly afterward.
  • During that time window, it will route all incoming traffic on those ports to my computer.
  • Incoming traffic can reach my computer from any sender on those ports, not just from the server I initially triggered to.

Assuming that's right (corrections welcome), does this only create vulnerabilities if there's a service on my PC listening and responding to that incoming port? For example, if I triggered port 80 and had a web server running on my PC?

Or can an attacker somehow access my computer or the rest of the network even without a listener for that port on my PC?

BolasStone

  • I don't think it will be an issue as long as you have nothing listening on said ports. Your computer (should) still reject the connections because it sees no program listening for a connection. – Rogue Jun 02 '16 at 15:50
  • Your question is really about how dangerous open ports in general are. The fact that they are only open for some time window does not change the scale of the dangers, it only limits the window of existence. So read through other, similar questions like http://superuser.com/q/82488/432792 and http://security.stackexchange.com/questions/9461/are-open-ports-dangerous. In general, like RogueCSDev pointed out, if nothing is listening on a port it's not an issue. – Potaito Jun 02 '16 at 16:56
  • Do a port scan on your machine for the range in question; if it's empty, no big deal... – dandavis Jun 02 '16 at 18:37
  • @potAito Thanks, helpful links. I wasn't sure whether triggering is the same. So it sounds like (1) a triggered port is no more secure than a forwarded port, just less persistent; (2) a port could be "router-open" (the router accepts traffic and routes it to my PC) but not "computer-open" (no process on my PC is listening); and (3) if a port is "router-open", that doesn't let attackers access my router, or other computers on the network, or other ports on my computer. Sound right? If so, and if you post an answer like that with the links, I'll accept. – BolasStone Jun 02 '16 at 19:54
  • @BolasStone Yes, that's about right. Regarding 1), well, theoretically if your port is only open while an application triggers it (and only this one port it uses), the application will block that port by listening to it. Meaning, if there was malware on your computer waiting for an open port, it would not be able to use it. But that's no guarantee and, like you said, ports remain open for a bit afterwards. Regarding 2-3), your router will almost always forward traffic received on one port to a local IP address. You are never opening a port for the router itself. – Potaito Jun 02 '16 at 20:48
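The "router-open" versus "computer-open" distinction drawn in the comments can be checked directly on the PC: only ports in the triggered range that a process has actually bound on a non-loopback address are reachable once the router forwards them. The following is an added example, not code from the question or its commenters; it assumes a Linux host with iproute2's `ss`, uses the 5060-6000 range from the question, and parses a constructed sample of `ss -Hlntu` output so it can be tested offline.

```python
"""Report local listeners inside a port-triggering range (added example).

Parses `ss -Hlntu` output (columns: Netid State Recv-Q Send-Q Local Peer)
and lists the ports in [lo, hi] that some process has bound on an address
the router can forward to. The sample below is constructed for the example.
"""
import subprocess

# Constructed sample of `ss -Hlntu` output; 5900 is in range but loopback-only.
SAMPLE_SS_OUTPUT = """\
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      4096   127.0.0.1:5900     0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:5060       0.0.0.0:*
udp   UNCONN 0      0      192.168.1.10:5998  0.0.0.0:*
tcp   LISTEN 0      128    [::]:5061          [::]:*
udp   UNCONN 0      0      127.0.0.1:5353     0.0.0.0:*
"""


def parse_ss(output):
    """Yield (proto, local_addr, port) for each socket line of `ss -Hlntu`."""
    for line in output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        proto, local = fields[0], fields[4]
        addr, _, port = local.rpartition(":")
        if port.isdigit():
            yield proto, addr.strip("[]"), int(port)


def exposed_listeners(output, lo, hi):
    """Ports in [lo, hi] bound on a non-loopback address, i.e. "computer-open".
    Loopback-only sockets are skipped: traffic forwarded by the router arrives
    on the LAN address, never on 127.0.0.1 or ::1."""
    found = set()
    for proto, addr, port in parse_ss(output):
        if lo <= port <= hi and addr not in ("127.0.0.1", "::1"):
            found.add((proto, port))
    return sorted(found)


def scan_range(lo, hi):
    """Run ss on this host and check the triggered range."""
    out = subprocess.run(["ss", "-Hlntu"], capture_output=True,
                         text=True, check=True).stdout
    return exposed_listeners(out, lo, hi)


if __name__ == "__main__":
    for proto, port in scan_range(5060, 6000):
        print(f"{proto}/{port} is listening inside the triggered range")
```

Expect the VoIP client's own SIP and RTP sockets to show up; anything else in the range is a service that the triggered window exposes to any sender.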

0 Answers