Open ports to allow P2P clients: The risks [RESOLVED]

[Guest]

[vespatian]

Hi all... Thanks for the great FAQ and help pages 

I have followed the FAQ and managed to sort out the NAT error when using Azureus with CPF. Really fast transfers now 

However, after scanning my ports with GRC 'Shields Up' I have noticed that the port I am using for Azureus is wide open on the internet, not just fo Azureus.

Is this a serious security risk? Is it not posible to only allow TCP/UDP connections from Azureus to this port? I am using one of the ports recommended by Azureus.

Would be nice if someone could clarify the risks to me and any possible solution Thanks! 


 (J)

 

[BullHorn]

That's exactly what I did with mIRC so I could use DCC and I had the exact same question and problem but no answer.

The port is wide open, right? For all TCP/UDP incoming through port ####, it isn't only set to be allowed by mIRC.

I'd like to be enlightened.

[vespatian]

Hey Bullhorn! Yup... Port is wide open for any connection... I opened peerguardian to see the log for 'allowed connections' and there were several connections coming in for that exact port with Azureus not even running!

No sign of worms or intrusions as such, but I dont like the idea of all these random connections :S

[BullHorn]

No answers yet...

Anyway, even if this IS a security issue, I'm sure it'll be easily fixed. Just add another box in that Network Monitor. Whenever you "add" a new allowed port, just choose target the application that you want to allow this port for.

[egemen]

Hi all... Thanks for the great FAQ and help pages 

I have followed the FAQ and managed to sort out the NAT error when using Azureus with CPF. Really fast transfers now 

However, after scanning my ports with GRC 'Shields Up' I have noticed that the port I am using for Azureus is wide open on the internet, not just fo Azureus.

Is this a serious security risk? Is it not posible to only allow TCP/UDP connections from Azureus to this port? I am using one of the ports recommended by Azureus.

Would be nice if someone could clarify the risks to me and any possible solution Thanks! 


 (J)

 

When you open the port, if an application listens on that port, it will be shown open. But if you close the listening application, it will be stealhted.

So the fact is "If Azerus is running and listening on the port you allowed in network rules, that port will be open. If Azerus is not listening, it wont be."

Have you opened all the ports? Let me see your network rules pls.


Egemen

[BullHorn]

Oh, now I get it.

All I gotta make sure is that I don't set a program to use a port that is used by some other oftenly-used Windows or similar important port, am I right?

[vespatian]

When you open the port, if an application listens on that port, it will be shown open. But if you close the listening application, it will be stealhted.

So the fact is "If Azerus is running and listening on the port you allowed in network rules, that port will be open. If Azerus is not listening, it wont be."

Have you opened all the ports? Let me see your network rules pls.


Egemen

Thanks egemen!

Hmmmm... GRC saw that port 'open' even when Azureus was not running. As far as I know no other application uses that port... It is within the range suggested by Azureus (begins at 49152)

Network rule I set up other than the defaul ones:

TCP/UDP In (ALLOWED)
Source IP: Any
Remote IP: My computer's network IP
Source Port: Any
Remote Port: My Azureus Port

[vespatian]

Hello again. You are absolutely right... When I shut down Azureus this time the specific port was stealthed.

My bad.


Thanks for help 

 (L)

[egemen]

Oh, now I get it.

All I gotta make sure is that I don't set a program to use a port that is used by some other oftenly-used Windows or similar important port, am I right?

Yes. Windows usualy does not use any ports other than well-known ones like 445,139,80,1900. The ports used by p2p clients are usually some random ports and not shared by any other common services.

Egemen

[Tags:]