Why is port forwarding more secure than opening up a port?

I have never understood this very well; here is my current grasp of it.

If I open up port 110 on my router:

  1. If a hacker is probing random IP addresses on that port, I will be flagged as open and he will come back and pay me a visit.

  2. Any Trojans, viruses, or other malware that works its way into PCs via port 110 will eventually stumble across my open port and infect me.

Alternatively, if I "forward" port 110 to say 192.168.0.5 (my pop3 server PC):

  1. If a hacker is probing random IP addresses on that port, will I be flagged as closed? Stealthed? Worth a second visit?

  2. Any Trojans, viruses or other port 110 malware will squirm through my router and arrive at 192.168.0.5??

Please can someone clear this up for me.

Thanks

Paul


Very unlikely. I'm not running anything on 110 here and I've forgotten when I last saw anything directed at 110.

What did you mean by "open up port 110 on my router"? It does not follow that you can be infected just because a port is 'open'.

Well, if you really do have a pop3 server on 192.168.0.5, then it will respond like any pop3 server would. If you don't, then it depends on how 192.168.0.5 responds; it will probably respond as closed.

If I were a personal firewall vendor I would say yes and you must buy my firewall software immediately. If I had a clue then I'd ask whether 192.168.0.5 is actually listening for incoming connections to 110. Even if it is, it does not follow that your imaginary malware will be able to cause any problem. It would depend on whether your pop3 server has any known unpatched security vulnerabilities and whether or not the particular malware was designed to exploit such a vulnerability.

Jason


On Thu, 16 Dec 2004 13:03:55 GMT, Paul H spoketh

Well, "forward" usually implies allowing inbound connections, and the term is mostly used with cheap NAT routers. "Open" usually refers to allowing outbound connections.

So, if you open (allow) outbound traffic on port 110, then an external scan will not show anything on port 110.

If you forward (allow) inbound traffic on port 110 to your pop3 server, then an external scan will show that port 110 is open and accepting connections.

Lars M. Hansen


How are you getting your Email, if you are not running a mail server on port 110?

Charles Newman

Sorry, your question does not make any sense to me.

I do run my own SMTP server but I have nothing listening for incoming connection requests from the Internet to port 110.

Jason.


I see the main advantage of using NAT/PAT as this: a lot of servers in small businesses run most of the services on the same server. Like, the server acts as a file, email, and web server. Only people in the office need to access the file and web services on that PC, so they give the server an internal IP and NAT ports 25 and 110 to it for external connectivity. That would keep the 'outside world' from knowing about or accessing the file sharing and WWW services. If you only had POP and SMTP running on the server, with everything else closed off and a local firewall running, why not put it on a DMZ (give it a public IP)? Basically, NAT if you don't know exactly what you are doing, or if you have services running that only internal users need access to. Oh yeah, and OS fingerprinting and TCP sequence prediction might be a little more difficult if you had NAT on... unless a connection to your SMTP server says 'HI, I'M MICROSOFT SMTP SERVICE'.

k
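An added example, not written by any poster in this thread: a client-side check of what a forwarded port looks like when a service is listening behind it and when nothing is, including the greeting the service volunteers. The loopback listener, its banner text and the function names are constructed for the demonstration.

```python
import socket
import threading

# Constructed greeting; a real server's banner often names its software.
BANNER = b"+OK ExampleMail POP3 4.2 ready\r\n"

def serve_once(banner: bytes):
    """Constructed stand-in for the host behind the forward: greet one client, then stop."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # loopback only; the OS picks a free port
    srv.listen(1)

    def run():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(banner)
        srv.close()                     # from here on nothing listens on the port

    worker = threading.Thread(target=run, daemon=True)
    worker.start()
    return srv.getsockname()[1], worker

def probe(host: str, port: int, timeout: float = 2.0):
    """Return (state, greeting) as a plain TCP connect from outside would see it."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                greeting = s.recv(256).decode("ascii", "replace").strip()
            except OSError:             # connected, but the service stayed silent
                greeting = ""
            return "open", greeting
    except ConnectionRefusedError:
        return "closed", ""             # host answered with a reset: no listener
    except OSError:
        return "filtered", ""           # timeout or unreachable: traffic dropped on the way

def demo():
    port, worker = serve_once(BANNER)
    with_listener = probe("127.0.0.1", port)
    worker.join(2)                      # wait until the listener is gone
    without_listener = probe("127.0.0.1", port)
    return with_listener, without_listener

if __name__ == "__main__":
    print(demo())
```

Run against your own public address from outside your network, `probe` reports the same three states for a forwarded port: open if the internal host is listening, closed if it answers but has no listener, filtered if the router drops the traffic.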
