Safety of leaving ports open
-
I’m using a dual boot system on a Mac - using Bootcamp. I got windows just for Falcon…
I am only worried because I have to open ports on my router. So now, the ports are open for all the other computers in the house - all Macs. If I open them only when I will be using online Falcon, then I have to reboot the router. That would be a nuisance. But maybe that would be best.
Any comments would be greatly appreciated.
-
As posted… ports communicate when the program connects… if the program is not there then there is nothing to communicate with, so no problem… No need to restart the router.
-
A small hint regarding router restart:
Some routers save the port forward rules only when you decide to “restart and save changes”.
Meanwhile the new port forward rules are set only temporarily.
If your router would lose power, the rules won’t exist on next start.
-
If you have a router doing what a router should, then ONLY the one machine (Falcon4 PC) is seen from outside. The other machines are hidden.
You can also set the rule as a trigger, but it needs some handicraft. In this case the inside machine does not need to be explicitly named, so other PCs might open it also - but that would be quite strange, and malware on them does not usually NEED to have an outgoing rule to work.
When you are not playing Falcon4, and the rules are static, then the safety depends on whether there is “something else” (a malware) listening on those ports. Once again, if you have a network-active malware in your system, having the ports closed is not any guarantee. I would say you can have those ports open for your flight sim PC without much of a problem.
You much more probably have UPnP allowed in the router, and that is a far more grave safety threat.
-
I’m trying to get going on Falcon-Online and it needs some ports to be open. I am using a router that needs to be restarted when changing open ports.
I was wondering what was the problem with leaving ports open indefinitely. Does that pose significant security issues?
Thanks in advance,
Fed
Hi
Here’s a more complete, or verbose, explanation. A port is just a number used on a network connection to route that connection to a listening program. So when falcon is set up as a server it tells Windows “if any connection comes in with any of the port numbers in the range 2934-2937 attached to it, please connect that connection to me”. If falcon isn’t running as a server, or isn’t running at all, then in theory any connection that comes in with one of those port numbers will simply be dropped. Think of it as windows saying, “I know you want to connect to port 2934, but nobody’s home”. In this case it doesn’t matter whether Windows denies the connection or your firewall does.
But, there can be a problem if there’s malware already on your system. If you had a virus/trojan that decided to listen for instructions on port 2934 whenever falcon is not running, then someone from outside trying to communicate with that virus could do so if the port weren’t blocked by your firewall. And if your firewall didn’t block that port outbound too then it could happily connect to other computers it knows are listening on that port. This is simplistically how botnets work.
So, in conclusion: if you are certain your machine doesn’t have malware (anti-virus programs reduce the chance of infection but don’t eliminate it) then leaving ports 2934-2937 open is perfectly fine and probably what most people do. If you are very security conscious, you’ll open and close the ports as needed.
Hope that helps a little.
A
EDIT: I read TKorho’s explanation only after writing this one. He basically says the same thing. Repetition was unintended.
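The “nobody’s home” point in the explanation above can be checked rather than assumed. The script below is an added example, not code posted by anyone in this thread: it probes each UDP port in the Falcon range by trying to bind it, which fails with EADDRINUSE when some process already holds the port. Run it while the sim is closed; any port reported as in use deserves a look with `netstat -ano -p udp` (Windows) or `lsof -i udp` (macOS) to see which process owns it. The port range and the helper names are the script’s own assumptions.

```python
import errno
import socket

# Port range quoted in this thread for Falcon multiplayer. A later post notes
# that only 2934-2935 are still used and that the traffic is UDP only, so the
# probe uses SOCK_DGRAM rather than TCP.
FALCON_UDP_PORTS = list(range(2934, 2938))


def udp_port_in_use(port, host=""):
    """Return True if a process already holds UDP `port` on `host`.

    Binding a fresh datagram socket is the cheapest "is somebody home?" test:
    the OS refuses the bind (EADDRINUSE, or EACCES for exclusively bound
    sockets on Windows) when another socket owns that port.
    """
    probe = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        probe.bind((host, port))
    except OSError as exc:
        if exc.errno in (errno.EADDRINUSE, errno.EACCES):
            return True
        raise  # anything else is a real error, not an occupancy answer
    else:
        return False
    finally:
        probe.close()


def audit_udp_ports(ports=FALCON_UDP_PORTS):
    """Return the sorted list of ports from `ports` that are currently held."""
    return sorted(p for p in ports if udp_port_in_use(p))


def open_udp_listener(port=0):
    """Stand-in for a running game server (constructed for demonstration).

    Port 0 lets the OS pick a free port; the caller reads it back with
    sock.getsockname()[1] and must close the socket when done.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("", port))
    return sock


def verdict(held_ports, game_running):
    """Turn the audit result into the thread's advice in one line."""
    if not held_ports:
        return "nobody is listening on the Falcon ports; inbound packets are dropped"
    if game_running:
        return "ports %s are held, expected while the sim is running" % held_ports
    return "ports %s are held although the sim is closed; identify the owning process" % held_ports


if __name__ == "__main__":
    # Real audit of this machine's Falcon range (sim assumed closed).
    held = audit_udp_ports()
    print(verdict(held, game_running=False))

    # Demonstration with a constructed listener so the "held" branch is visible.
    demo = open_udp_listener()
    demo_port = demo.getsockname()[1]
    print("demo listener on", demo_port, "->", audit_udp_ports([demo_port]))
    demo.close()
    print("after close ->", audit_udp_ports([demo_port]))
```

The check is deliberately a bind attempt rather than a port scan from another machine: it answers the only question the firewall rule depends on, namely whether any local process would receive a packet arriving on that port, and it works identically on the Windows and Mac partitions.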
-
Got it. Thanks everybody!! So let me summarize here for my setup:
I leave the ports open on my router.
When I run Windows from the Bootcamp partition, Falcon can communicate, because the Windows firewall will allow Falcon to communicate through its firewall, and the router will let communication go through those ports.
When I run Mac OSX on the other partition, the Mac firewall will block those ports. Also, there are no programs, presumably, listening to those ports. So, that partition, as well as other Mac computers in my house, should be safe.
Correct?
-
The weakest point in network/PC/etc. security is the user. If the user is not careful with the configuration of the system/network he can compromise anything…
@HailRider what you state is true (there are other variants in the “equation” but the general idea is the one you stated above)
Plus, ports are usually application specific or protocol specific.
F-4 ports are not in the “well known” list (i.e. ports 80 & 8080 are for HTTP [transferring web pages]) so you should be OK.
More info lies on the pure networking side… (socket address/OSI model/netstat etc…)
-
The ports are 2934-2935, the 6 and 7 are not used anymore. And you need UDP only, there is no TCP traffic at all.
Even malware already present would need to know to use these specific ports, and as said above, they are not well-known ports… So it would be a rare happenstance that one malware would listen on those ports only, and another malware would try to connect to it. And especially with UDP packets.
It is far easier for the present malware to punch through with UPnP or use port 80 for outgoing or so.
With triggering you can use your OWN outgoing 2934 UDP traffic as the trigger, and open the inbound ports on the trigger condition. This would be already quite safe (but again would not protect from present and by happenstance Falcon4-ports-savvy malware…).
-
I rename my disk drives
ex: Z:, which the software seems to usually look for. My 2 cents
Programs that use ports only open them when using the “ported” program
-
> I rename my disk drives
> ex: Z:, which the software seems to usually look for. My 2 cents
> Programs that use ports only open them when using the “ported” program
Heheh, nice idea.
-
UDP is pretty much harmless. Just block NETBIOS ports like 135-139, 445, and so on.
And try to disable unnecessary stuff like ‘remote registry’ etc
-
For a few days now one of my buddies is no longer able to connect with me.
A connection to the IVC server succeeds first, but breaks off when he connects via comms.
A connection without IVC is possible. He can also connect to another host normally, with IVC.
We have both reinstalled BMS… without success. Then I disabled the NetBIOS filter on my router.
Since then the connection is working again. I would like to activate this filter again.
Why can my buddy only connect to me in this case?