0

Running a port scan via Network Utility on OS X 10.14.5, turns up two different outcomes, depending on whether or not I have Visual Studio Code (1.35.1) open.

If the application is open, I'll get random ports around 64500 open as well, if not, these open ports disappear.

I've set up Little Snitch to prevent connections in/out from VSC (which may be overkill), but:

  1. How much of a risk is it to have these random ports open on my machine while I'm using Code?
  2. What other steps can I take to prevent any malicious behavior through these ports?
VSC_question
  • 1
  • Relevant https://security.stackexchange.com/q/95692/90657 – multithr3at3d Jul 18 '19 at 22:35
  • Is this a listening port or outgoing port? If they're listening port, are they bound to localhost/loopback address only or are they externally visible (e.g. bound to 0.0.0.0 or your LAN address)? If the ports are only bound to loopback address, then the risk should be fairly minimal. If they're bound to external address, then you should change to a non stupid text editor, there is just no reason for a text editor/IDE to open a listening port on external address. – Lie Ryan Jul 19 '19 at 02:32
  • I agree. How do I check that? – VSC_question Jul 19 '19 at 05:12
  • 1
    The comment "netstat -an" from command prompt will show the IP address and port. – hft Dec 15 '19 at 23:35

1 Answers1

1

If you have the firewall enabled, you're going to see ports when scanning from localhost which can't be accessed externally.

The question of "how much of a risk is it" can only be answered if you know what (specific)service is backing the port, and whether that service has vulnerabilities. As a general rule in security, don't assume risk without evidence.

It's pretty common for applications to open high-number ports to perform various functions(update checks, usage telemetry reporting, etc), and most of the time they're not listening for any kind of inbound communication.

Angelo Schilling
  • 681
  • 3
  • 11