How safe is port forwarding in general?


Say I have a few ports open for gaming.

My questions are

  1. Can I be hacked if the attacker knows my specific external IP?

  2. Can a hacker access my router and its settings by getting through these ports? If so, how likely is this to be done? How easy can this be done?

  3. With router's security setting, does it block out the attacker even with port forwarding open?

avsdvsdd

Posted 2013-03-05T14:39:21.543

Reputation: 151

Question was closed 2013-03-05T16:14:30.593

This question is very broad. I think you need to do some research and if you get stuck on a more specific point, feel free to ask :) Please don't read my comment as rude, it's not meant to be! The security with port forwarding goes further than the router! – Dave – 2013-03-05T14:50:21.710

Any broad answers are fine. I just want to know how vulnerable I am with port forward open. And if anyone can search for ports and connect to my router/laptop. – avsdvsdd – 2013-03-05T14:51:12.717

Yes, people can search for your ports etc. As I said, you may want to secure your PC and not your router. If you open something to the outside world for yourself, people you trust etc means you've opened it to all! In regards to broad questions, they are also considered off topic here. The more specific the question, the better it is for this Q & A site. – Dave – 2013-03-05T14:56:14.530

I do have MAC filtering set up. So if a hacker gets through my port, he can just get through the router cleanly without even having to guess the WPA2 password? – avsdvsdd – 2013-03-05T15:05:45.960

Are you there Dave? – avsdvsdd – 2013-03-05T15:14:04.233

@avsdvsdd This is a question/answer format site. Question/answer isn't live chat. And that isn't what comments are for. – killermist – 2013-03-05T15:15:28.667

I am a newb, but thx for reminding. I just wanted to get the question answered. – avsdvsdd – 2013-03-05T15:16:35.713

All I will say is don't panic. The ports are opened to play games; I assume millions of people worldwide do this. There typically is no point in hacking a user like yourself unless you happen to host a database of credit card numbers or similar. I do suggest you actually do some research yourself though. – Dave – 2013-03-05T15:22:32.630

What if someone is targeting me? If someone scans the port, and gets in, what are the ramifications? – avsdvsdd – 2013-03-05T15:23:14.597

Answers


Port forwarding lets people connect to the mapped port on whatever device you've pointed it at. The security rests solely with whatever software on that device is listening on that port. So say you've port forwarded 12345 to remote desktop on a PC you never update. Odds are it will be easy to get into that, and then to whatever it has access to (maybe the whole LAN, including the "secure" side of the router). On the other hand, if you port forwarded 6789 to port 22 on a Linux box you update every night, chances are very slim anyone will be able to break in to it. #1 doesn't make sense; your IP is technically public. But if you had no ports open, there is nowhere to connect and try and break into. Some routers may have intrusion-detection features, but they may not be able to do things like decide if remote user X is you or a hacker trying to get to the forwarded port.

Luke Hollins


Reputation: 121

Can the hacker get into my router cleanly if he guesses the port correctly? Meaning, even if I have mac filtering and wpa2 set up, he can just get in cleanly? – avsdvsdd – 2013-03-05T15:07:22.120

@avsdvsdd port forwarding has nothing to do with "getting into the router". MAC addresses can be spoofed, WPA2 can be broken, WPS was designed broken, but those have nothing to do with port forwarding. – Rich Homolka – 2013-03-05T15:14:16.830

Rich // What I was asking is if someone scans my port, and gets into my system, is he getting into my router or computer? I believe it's an internet connection, right? If so, does he have complete access to my documents on my computer and/or router? – avsdvsdd – 2013-03-05T15:15:13.763

If you're scanned and nothing is open, there is nothing to break into. That's the default setup of most routers. If you port forward something to another machine then if there's something to break into on that machine, they could try. Also wifi and the internet, they're usually separated. – Luke Hollins – 2013-03-05T15:26:47.067

Thanks for the reply. So let's say port 80 is open. Hacker scans and sees that it's open. He gets in. Now what happens? If I have WPA2 and MAC filtering, can he still bypass that if he doesn't have a clue of the password or my MAC address? Assuming this person is 300 miles away. And also, if they get into the port, do they have access to my computer or my network? – avsdvsdd – 2013-03-05T15:28:22.657

@avsdvsdd in your head, you need to separate WPA2/MAC filtering and the open port. WPA2 and MAC filtering are to secure logging onto your network, to become a machine that is a part of your network. Port forwarding is to connect to a port on a machine on your network. Two vastly different things, and distance doesn't matter. Please make this a separate question, since comments are too small to answer these questions. – Rich Homolka – 2013-03-05T15:45:40.403

@avsdvdd It's not using wireless; it's over the Internet. Distance won't affect it at all. If the MAC filtering is for DHCPD on the LAN and wifi side of the router it won't block incoming Internet connections. What a person can do only depends on what you have set up to listen on the port. – Luke Hollins – 2013-03-05T15:48:01.737


From your question and comments I think you're a little unclear on what's happening. I'm not sure how to teach you how to run your router; I think you need to talk to someone near you to show you these things.

Port forwarding is when your router allows outside machines to initiate connections to a machine on your network. It doesn't allow any special access to the router internals, just a connection to your inside machine.

The security issue here is not your router, but your machine. Before, it was invisible to the Internet, and therefore somewhat safe. Now the internal machine can be reached. Is your internal machine safe? Is it patched? What's on that port?

As far as your specific questions:

  1. They always know your external IP address. Any connection you make to someone will show your external IP address. I can try to ping the entire Internet (and with a botnet, some people try) and find your external IP address. If you're connected to the Internet, the external IP is exposed. Also, this has nothing to do with whether your ports are forwarded or not.

  2. A hacker can not access you through the forwarded ports. But your router may be set up to allow configuration on a web port. How to set this up is different for each router, but make sure anything similar to "allow configuration on WAN" is disabled. Allow LAN configuration only.

  3. This is a hard question. Most routers are just routers. They do not know what an attacker is. They're too dumb to know "good guy" from "bad guy". Some routers also have firewalls. They know certain bad guys, and will filter those out. But your router probably has no filters on this port. If anyone tries to connect, they're probably let in.

Also, in your comments, you ask a lot of questions. The tradition here is to take new questions out of comments and ask them as separate questions. Please try to ask your MAC filtering questions in a new question.

Good luck. Security is very hard. Even the experts don't get it right every time.

Rich Homolka


Reputation: 27 121

I would add: forwarding a port to an internal computer doesn't expose a "folder" (as one of the other answers/comments suggested) but exposes whatever process is configured to listen on that port. If that process is properly configured and implemented, it shouldn't expose anything beyond its own public "interface" (services, etc.) but it is possible that specific applications are vulnerable to attack vectors such as buffer overruns. A vulnerable application may be exploited to provide access to far more than its own folder: anything within the security context of the user it runs as. – GalacticCowboy – 2013-03-05T15:48:55.390

So when you say security context, what are you referring to? Does that mean the attacker can gain access to my network or machine itself? – avsdvsdd – 2013-03-05T15:51:35.847

If the application is exploitable and runs in the context of a high-access user, possibly. However, this level of exploit is relatively rare and is usually patched quickly. In this context, you wouldn't normally run D2 as an administrator, which reduces the potential attack surface. – GalacticCowboy – 2013-03-05T15:52:56.903

And it's important to also keep in mind, this is only a potential exploit. It doesn't mean that your machine is actually vulnerable to anything, just by enabling port forwarding. The specific context (what application is servicing that port) matters. – GalacticCowboy – 2013-03-05T16:00:32.100
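As an added example (not code from the thread or any of its posters), here is a small Python audit that applies the point made in Luke Hollins' answer and in GalacticCowboy's comments above: for each port forward, is anything actually listening on the LAN host, can the WAN reach it (or is it bound to loopback), and under which user does the listener run. The forward table, the `ss -tlnpH`-style listener lines and the pid-to-user map are all constructed sample data, not output from a real network.

```python
import re

# Constructed router port-forward table: (WAN port, proto, LAN host, LAN port).
FORWARDS = [
    (12345, "tcp", "192.168.1.20", 3389),  # remote desktop on a rarely patched box
    (6789,  "tcp", "192.168.1.30", 22),    # SSH on a nightly-patched Linux box
    (6112,  "tcp", "192.168.1.30", 6112),  # game port, run by an ordinary user
    (8080,  "tcp", "192.168.1.30", 631),   # forward to a service bound to loopback
    (6113,  "udp", "192.168.1.20", 6113),  # stale forward, nothing listens there
]

# Constructed listener lines per LAN host, in the shape `ss -tlnpH` prints them
# (no header; Process column shows name and pid), plus a constructed pid->user map
# as `ps -o pid=,user=` would give it.
SS_OUTPUT = {
    "192.168.1.20": 'tcp LISTEN 0 10 0.0.0.0:3389 0.0.0.0:* users:(("xrdp",pid=1200,fd=4))',
    "192.168.1.30": (
        'tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))\n'
        'tcp LISTEN 0 5 127.0.0.1:631 0.0.0.0:* users:(("cupsd",pid=700,fd=7))\n'
        'tcp LISTEN 0 5 0.0.0.0:6112 0.0.0.0:* users:(("game",pid=900,fd=5))'
    ),
}
PID_USER = {1200: "root", 812: "root", 700: "root", 900: "alice"}

# proto, state, recv-q, send-q, local addr:port, peer, users:(("name",pid=N ...
LINE_RE = re.compile(
    r'^(\w+)\s+\S+\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+users:\(\("([^"]+)",pid=(\d+)')

def parse_listeners(text):
    """Map (proto, port) -> (bind address, process name, pid) from ss-style lines."""
    out = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            proto, addr, port, proc, pid = m.groups()
            out[(proto, int(port))] = (addr, proc, int(pid))
    return out

def audit(forwards, ss_output, pid_user):
    """Return (WAN port, verdict, detail) per forward: what the WAN can reach."""
    findings = []
    for wan_port, proto, host, lan_port in forwards:
        hit = parse_listeners(ss_output.get(host, "")).get((proto, lan_port))
        if hit is None:                       # closed port: nothing to attack
            findings.append((wan_port, "closed", f"{host}:{lan_port} has no listener"))
            continue
        addr, proc, pid = hit
        if addr.startswith("127.") or addr == "[::1]":   # loopback-only bind
            findings.append((wan_port, "unreachable", f"{proc} listens on loopback only"))
            continue
        user = pid_user.get(pid, "?")
        verdict = "privileged" if user in ("root", "SYSTEM") else "unprivileged"
        findings.append((wan_port, verdict, f"{proc} (pid {pid}) reachable from WAN as {user}"))
    return findings
```

The verdict only names the security context a successful exploit of that listener would inherit; whether the listener is actually exploitable still depends on the software and its patch level, as the answers say.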


Open ports on a network are always a vulnerability of sorts, however the odds of having someone actually try to attack your network on those ports is really low. Chances are, for gaming, you're looking at like port 80 for HTTP, port 88 for UDP, and then program specific ports like 3074 for the Xbox360, or 6112 TCP for Diablo II. As I said before, an open port is always a vulnerability, but if someone actually cared enough to attack your home network the odds are there would be easier ways for them to get in than on these specific ports. If you're worried about someone getting access to your router specifically, just disable remote logins so that you have to be physically connected to login into it.

Short and simple, so long as you're only opening the specific ports games ask you to, then it's really unlikely for you to run into trouble. Just because someone knows you've got port 80 open on your router doesn't suddenly give them access to your router or your computer.

Mono


Reputation: 764

If the Diablo 2 port is open, can the attacker get into my system (assuming he lives 300 miles away) and get access to my computer and/or router? – avsdvsdd – 2013-03-05T15:18:22.810

What are the ramifications for someone being able to scan the port and visualizing it? Are game ports like 6112 easy to penetrate? I heard that it's not so easy to penetrate as Blizzard controls it. – avsdvsdd – 2013-03-05T15:19:11.047

It's not really a point of intrusion. The ports are frequently used to access specific types of files, like in the case of Warcraft III maps, or characters in Diablo II. These files are all local, so other players need to be able to access them and download them so you can play together. Frequently in more modern games things like maps and characters are hosted on a server owned by the company who published the game, rather than on individuals computers. If files are hosted by users, then ports are needed to be open to give others access to just those specific files. – Mono – 2013-03-05T15:22:49.860

What about ports like 80? For this port, if someone scans, and finds open port, gets in, what could happen? Do they need to bypass the WPA2 passcode to get into my network? Or are they just in basically? – avsdvsdd – 2013-03-05T15:24:36.483

If they are in, do they need to still bypass WPA2 security then to get into my system? – avsdvsdd – 2013-03-05T15:26:46.370

I have remote logins disabled, so no one can get in from 200 miles away if a person is targeting me specifically? My bad about asking multiple questions. – avsdvsdd – 2013-03-05T15:31:03.480

They just have access to the specific folder that the program has the port mapped to use. Port 80 is for web, so something like Apache2 would use it, and an intrusion there would mean they would be able to see the files in your web folder, more than likely just being the html source files for your website's pages.

They don't need your WPA passkey, but they're not getting access to all of your files, just the specific ones utilized by a program. Port 80 is a reserved port just for non-secure web connections, so having that open doesn't just suddenly give someone access to your excel files. – Mono – 2013-03-05T15:31:08.800

Oh I see... thanks. So for Diablo 2, port 6112, let's say, they have specific access to that file only? If I have disabled remote login, and the attacker is 300 miles away, what are some of the ways he can get into my system? Does ARP spoofing work at all in this case? – avsdvsdd – 2013-03-05T15:33:25.223

In that case of Diablo II, they'd have read-only access to your character files, in which there is no useful, vital or private information stored.

With remote logins disabled, all that means is someone cannot manage your router without being hardwired to it (though they could theoretically remote desktop into your hardwired computer), and even then, they would still need to know your router login and passkey.

ARP spoofing only works on your LAN; this tactic could not be used remotely. – Mono – 2013-03-05T15:37:15.953

Oh wow, you clarified things so easily! Thanks for that. So basically without remote access enabled, there isn't a way to get in (feasibly possible) normally. Is remote desktop to a hardwired computer easy to do? – avsdvsdd – 2013-03-05T15:40:55.817

Is remote desktop access something a person can do over 300 miles away? – avsdvsdd – 2013-03-05T15:45:13.783

Remote desktop connections are not generally a good way to hack someone, even if it is enabled. RDP in 'hacking' is really more used for things like phishing scams, as to gain access you'd pretty much need to give someone your login credentials. RDP can be done from anywhere, but it's disabled by default and by no means 'easy' to use as a point of access. – Mono – 2013-03-05T15:47:58.430

You need to have remote desktop configured on a machine for someone to remote desktop to it. It would also need to have a terrible password and the proper port forwarded for it to be accessed by unauthorized persons. Don't confuse this with remotely configuring a router through a web interface, a setting which would need to be manually checked by the owner of that router. – Bryan – 2013-03-05T15:49:48.567

Ok so it only works for hardwired machines, correct? What are some other ways to get into my network then? I have MAC filtering with WPA2 enabled. It does seem like you covered it all. – avsdvsdd – 2013-03-05T15:50:16.633