
How much should you worry about open ports?

savoloysam

Britain's Most Wanted.
I am only a half clued up about deep tech stuff but a few of you here know your stuff.

I gather that, and correct me if I am wrong, open ports are required, otherwise there is nowhere for the data to travel, right?

If so then at what point do you become concerned?

I've scanned my network with Portdroid and found...

30 open and no closed ports on my mobile network despite having a fully paid VPN. This seems quite worrying to me.

2 open ports on my home router (domain name user and http world wide web)

2 open ports on my firewall (SSH and DNS)

Are there any issues I should look at here and if so what?
 
DNS (port 53) stands for Domain Name Service. It's the thing that converts human-readable URLs (like www.urban75.net) that you understand into the string of numbers that computers understand, so if you're using the web you need it open.
SSH (port 22) stands for Secure SHell. If you're not using the command line to connect to remote servers (my guess is you aren't) you probably don't need it open personally, but you might (depending on what you have installed) have some software that uses it as a transport mechanism to communicate with remote processes. It is, however, as the name suggests, very secure, and all traffic that travels over it is encrypted.
I would expect both of these to be open on pretty much any firewall, along with http (port 80) and https (port 443).
VPNs don't provide security as their primary function; they provide anonymity (useful for nicking videos off Hollywood). It basically creates a tunnel between your PC/tablet/phone or whatever and the VPN, so you only send traffic to the VPN servers and they then forward it on and route the response back to you. Your ultimate destination sees the IP address (string of numbers) of the VPN server rather than yours.
It's not unreasonable that the VPN leaves most common ports open, since they don't know which ones you might want to use and would expect you to block them locally.
Post up the list and we can probably tell you what they are for.
 
DNS (port 53) stands for Domain Name Service it's the thing that converts human readable URLs (like www.urban7.net) that you understand into the string of numbers that computers understand so if your using the web you need it open.
urban7?
 
You shouldn't really have any open ports on a home network unless you have a specific reason and have opened them yourself. Http on a home router and SSH on your firewall would be a major security hole.

But, you also shouldn't have the home router and the firewall having outside internet connections. Where did you do the port scan from? Was it definitely from the outside? You can have whatever you want open internally. It's only dangerous when they are open to anyone on the internet.

What's the mobile network? And what do you mean you have a VPN on it?

Give me your external IP and I'll see what I can see.
 
I'm not sure those ports need to be open on the inbound side for the reasons you describe - nobody's going to be making DNS queries of the OP's computer, for example, and outbound ssh traffic can work if the inbound ssh port is closed. Likewise HTTP and HTTPS, unless the OP is running a webserver?
 

Thanks, that's very helpful.

These are the open ports on my mobile data connection via VPN.

[Three screenshots of the PortDroid scan results for the mobile data connection via VPN]
 

I port scanned via the portdroid app on my phone.
 
The reason I am paranoid is because I know I have been under police surveillance (waves) and had my whole home network hacked, my phone stingrayed the whole fucking lot.

I've got nothing to hide but it's a matter of principle that I want as much security as possible and yes I fully realise that if they still want to be nosey hacking bastards that they will find a way no matter what. I just want to mitigate as much risk as possible.
 
You'll need 53 open both ways to get an answer back from DNS. HTTP and HTTPS will work with only outbound ports open, providing it can connect back on ports above 1024, which is a bit of a crap shoot.
SSH is the question mark. If you aren't using it for ssh'ing then you personally don't need it, but I have found plenty of stuff (more Unix than Windows) that needs it for communication. These things really should use https instead, but such alas is not always so.
 

Nope not running a webserver and I scanned the ports from inside the network.
 

Would you recommend leaving as it is (the firewall) rather than fucking about trying to close ports and risking crashing the connection? I imagine the firewall is savvy enough to know what to leave open and closed? Unless it's been compromised of course.
 
[Image: cartoon "whoosh" sound-effect graphic]
 
I presume that what you were scanning was the "outside" address, though? I ask, because in that full list of open ports (although obviously I don't know exactly what process was used to scan them) there are a lot of things I'd be very surprised if you were needing/using - remote display stuff, MySQL server, all the POP3 and IMAP stuff. souljacker's suggestion of letting someone scan your external IP address is a good one (but best to share it via PM), because if you were scanning from inside your network, that wide range of open ports might be a bit more legit.
 
There are some there I don't recognise (I will look them up) but of those I do:
25, 110, 143, 993 and 995 are used for email. You only actually need one, but they don't know which one you are using so they leave them all open.
1723 is necessary for the VPN itself to work.
80, 443, 8080 and 8888 are used by your browser.
3306 is the default port for databases. You almost certainly don't need that, but I'm not surprised it's open.
5900 is used for Unix or Linux GUIs over remote networks. I use that a lot, but I guess you don't.
111 is a very elderly protocol used mostly for things like remote file-sharing software, but these days it just tends to gather dust.
135, 139, 445 and 3389 are Microsoft networking protocols which you definitely don't need unless you are using a PC that is using remote Microsoft-only software.
10257 is the Kubernetes port, so that is probably open for Netflix.

Most ports you don't need to worry about so long as you don't have software listening on those ports that will respond to a request. If you don't (and that depends on your device) then any attempt to connect on them just won't happen.
 
But all those would be for inbound traffic, surely? I am sure that savoloysam would know if she were running an MTA on her machine that required inbound SMTP connections?

I agree that the mere fact of the ports being open shouldn't necessarily compromise security, but it'd be a bit like leaving your front door locked and relying on the burglar alarm...
 
@savoloysam what are you using, a PC or an Android device? I'm afraid I don't know how to check on an Android device, but if it's a PC do the following:-

1. start typing Command Prompt in the 'Type Here To Search' box
2. When it appears select "Run as Administrator"
3. In the resulting command window type 'netstat -an' and press enter
4. cut and paste the answer that comes up into this thread.
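What the `netstat -an` output from the steps above actually tells you is which sockets are in a listening state and on which address they are bound, which is the question the thread keeps coming back to. The parser below is an added example, not code from this thread: it reads the Windows `netstat -an` layout into records, treats TCP rows in LISTENING state and any bound UDP socket as listeners, and separates those bound to every interface (0.0.0.0 or [::]) from those bound only to loopback, which nothing outside the machine can reach. The sample output embedded in it is constructed for the demonstration, and the ports in it are assumptions, not a real capture; Linux `netstat` and `ss` print a different column layout and would need their own parser.

```python
from dataclasses import dataclass

# Constructed sample in the column layout `netstat -an` prints on Windows (not a real capture).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:3306         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:49712     142.250.74.36:443      ESTABLISHED
  TCP    [::]:22                [::]:0                 LISTENING
  UDP    0.0.0.0:53             *:*
  UDP    127.0.0.1:1900         *:*
"""

WILDCARD = {"0.0.0.0", "[::]", "::", "*"}
LOOPBACK = {"127.0.0.1", "[::1]", "::1"}


@dataclass
class Sock:
    proto: str
    local_host: str
    local_port: int
    state: str

    @property
    def is_listener(self):
        # UDP has no handshake, so any bound UDP socket will answer a datagram.
        return self.proto == "UDP" or self.state in ("LISTENING", "LISTEN")

    @property
    def scope(self):
        if self.local_host in WILDCARD:
            return "all"        # reachable on every interface the device has
        if self.local_host in LOOPBACK:
            return "loopback"   # only processes on this device can reach it
        return "interface"      # bound to one specific address


def split_endpoint(endpoint):
    """'[::]:22' -> ('[::]', 22); '*:*' -> ('*', None)."""
    host, _, port = endpoint.rpartition(":")
    return host, (int(port) if port.isdigit() else None)


def parse_netstat(text):
    socks = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].upper() not in ("TCP", "UDP"):
            continue  # header lines and blanks
        host, port = split_endpoint(parts[1])
        if port is None:
            continue
        state = parts[3] if len(parts) > 3 else ""  # UDP rows carry no state column
        socks.append(Sock(parts[0].upper(), host, port, state))
    return socks


def exposed_listeners(text):
    """Listeners bound beyond loopback: these answer if the device is internet-facing."""
    return sorted({(s.proto, s.local_port) for s in parse_netstat(text)
                   if s.is_listener and s.scope != "loopback"})


def loopback_only(text):
    """Listeners only the machine itself can reach; a remote scan never sees these."""
    return sorted({(s.proto, s.local_port) for s in parse_netstat(text)
                   if s.is_listener and s.scope == "loopback"})


if __name__ == "__main__":
    print("exposed:", exposed_listeners(SAMPLE_NETSTAT))
    print("loopback only:", loopback_only(SAMPLE_NETSTAT))
```

The ESTABLISHED row is the browser's outbound connection to port 443; it has a local port (49712) but it is not a listener, which is the point made later in the thread that outbound web traffic does not need an inbound port open. Whether the exposed listeners are actually reachable from the internet still depends on what the router or firewall forwards.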

That's on the VPN they have to be open in both directions since the VPN doesn't know which direction traffic is flowing.
 
None of these ports should be open to the internet unless you are running services inside the network that you want to see remotely. Browsers or Netflix or whatever do not EVER need to have open ports to work. They send http or https out and track those requests to look for the return data, but that is not an open port.

That's the problem. You can have lots of ports open internally, no problem with that (although why you would is a different question). It's external ports you need to care about. PM me your external IP and I will do a scan for you.
 
The VPN supplier is going to have a 'standard' set that they leave open and rely on the customers picking and choosing what they want and blocking locally those they don't need.
 
That depends entirely on the VPN. An 'enterprise' VPN like anyconnect or forticlient will have an open external port and it will be specified by the company (although you can often change it). The port that is open can be https or IPSec. Interestingly, on an enterprise firewall, the port isn't really open as such, as you need to authenticate properly to get traffic to pass, so it's fine to have that open on a firewall.
 
Thanks for all the replies it's all a tad complicated and is probably the kind of stuff that gives IT security experts a few headaches.

I totally get the point about scanning from outside the network which is obviously the most important route so I've scanned that and found the following.

21 FTP file transfer control.

22 SSH secure shell.

23 Telnet.

53 DNS.

80 HTTP

443 HTTPS SSL
 
You should definitely be closing 21, 23, 53 and 80. 21,23 and 80 are insecure and shit and should be closed even if you have a reason to open them. Telnet is one of the least secure applications the internet has ever produced.

Which device in your network is internet facing? Is it the router or the firewall? If you need to connect to whichever one is the internet facing device remotely, then you might still want 22 and 443 open but I wouldn't recommend it. It's safer to VPN onto your network and connect to them from inside.

Do you have any logging on this device? Because if you have ports 22 and 443 open, they will constantly be hit by hackers doing port scans and password cracks.
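The logging question in the reply above is worth acting on: an internet-facing SSH port shows up in the daemon's auth log as a steady stream of failed logins. The script below is an added example, not code from this thread: it reads sshd lines in standard syslog format, counts failed password attempts per source address, flags sources over a threshold, and also lists successful logins from outside the trusted LAN, which is the event that matters most if 22 is reachable from the internet. The log lines are constructed for the demonstration (the addresses are documentation ranges), and the trusted network 192.168.1.0/24 and the threshold of 3 are assumptions.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sshd log lines in syslog format; not from the thread or any real device.
SAMPLE_AUTH_LOG = """\
Mar 14 09:07:01 gw sshd[2311]: Failed password for invalid user admin from 203.0.113.45 port 51234 ssh2
Mar 14 09:07:03 gw sshd[2311]: Failed password for root from 203.0.113.45 port 51240 ssh2
Mar 14 09:07:05 gw sshd[2314]: Failed password for invalid user pi from 203.0.113.45 port 51251 ssh2
Mar 14 09:07:06 gw sshd[2316]: Failed password for root from 203.0.113.45 port 51260 ssh2
Mar 14 09:07:30 gw sshd[2318]: Failed password for invalid user test from 198.51.100.7 port 40022 ssh2
Mar 14 09:08:10 gw sshd[2320]: Accepted publickey for sam from 192.168.1.20 port 50022 ssh2: ED25519 SHA256:x
Mar 14 09:09:44 gw sshd[2325]: Accepted password for sam from 203.0.113.99 port 52000 ssh2
"""

# "invalid user" is present when the username does not exist on the box.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+) port \d+")


def failed_logins_by_source(log):
    """Count failed password attempts per source IP."""
    counts = Counter()
    for line in log.splitlines():
        m = FAILED.search(line)
        if m:
            counts[m.group(2)] += 1
    return counts


def brute_force_sources(log, threshold=3):
    """Source IPs with at least `threshold` failures (threshold is an assumed tuning value)."""
    return sorted(ip for ip, n in failed_logins_by_source(log).items() if n >= threshold)


def accepted_from_outside(log, trusted="192.168.1.0/24"):
    """Successful logins whose source is not inside the trusted network.

    Returns (user, source_ip, auth_method) tuples; `trusted` is an assumption for the demo.
    """
    net = ip_network(trusted)
    hits = []
    for line in log.splitlines():
        m = ACCEPTED.search(line)
        if m and ip_address(m.group(3)) not in net:
            hits.append((m.group(2), m.group(3), m.group(1)))
    return hits


if __name__ == "__main__":
    print("failures:", dict(failed_logins_by_source(SAMPLE_AUTH_LOG)))
    print("brute-force sources:", brute_force_sources(SAMPLE_AUTH_LOG))
    print("accepted from outside:", accepted_from_outside(SAMPLE_AUTH_LOG))
```

A password login accepted from an outside address, as in the last sample line, is the one to investigate first; if SSH has to stay reachable, key-only authentication removes the password-guessing path entirely, and the failure counts above are what a tool like fail2ban keys its blocking on.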
 
Is this externally against your home router? You deffo need 53, 80 and 443; you most definitely do not need nor want 23, but so long as you don't have anything listening on that port it's not a problem. You probably don't want 21 either, and we're having an agree-to-disagree moment about 22.
 
Would somebody be so kind as to translate some of this stuff into English?

😵‍💫
To talk to a (e.g.) web server on the internet, you need the IP address and a port number. The IP is like the name of a block of flats and the port is the flat number. The web server lives in flat 443 (a known port that is defined by the IETF). On a home network, you won't have a web server (probably) so there is no need for you to allow anyone into flat 443, so you block it. You should only allow connections (deliveries) to services (flats) running on your IP (block of flats).
 