how vulnerable will i be with single port forwarded through router

I run windows xp with zone alarm and a good secure router with spi and nat enabled. i know lots of people on these forums say you don't need a software firewall at all, but i like having one. Good for seeing outgoing connection attempts and controlling them.

Anyway, as many of you may know, zone alarm doesn't like torrent programs. the number of connections eventually crashes vsmon.exe - always. It is just a matter of time before it happens, and when it does it chokes the internet connection and your torrents slow to a crawl.

so, if i'm leaving the computer on all night i would like to leave zone alarm switched off. this will leave me with a computer that is completely stealthed (shields up proves this) to all scan attempts, and it bumps all pings, apart from the one port i have forwarded for my torrents. this port, when i test it on shields up, is open. it is a high port number (above 40,000).

what i want to know is, what are my chances of being hacked, infected or whatever, overnight while zone alarm is off. surely the many dodgy folks on the net who are port scanning for vulnerable computers will find this open port on my machine, and i'll be wide open to attack. or am i wrong?

anybody advise please. :confused:
 
There is virtually no chance of anything happening to your PC. I'd say that with 99% certainty.
 
that is good to hear. i don't know much about how people hack, but i do know they run port scanners that run through the whole range and just keep searching. won't i be easily found by this type of thing?
 
i just use the xpsp2 firewall (i don't feel the need for outgoing protection)

i'd switch zonealarm for comodo though, zonealarm has some terrible effects sometimes
 
i tried comodo about 3 days ago because of this problem. it drove me absolutely mad with alerts. i told it to allow an app in future, but it would ask me again, so then i go into that app's properties in comodo, and allow it to do everything and anything, but comodo would still ask me what to do?

dunno if i was missing something, but i didn't like all these alerts. i tried outpost too as this is meant to be fine with torrents (like comodo), but i didn't get along with it either.

i really like za. been using it for years and it works perfect with everything except torrents. i've read up on this and it is a known issue that checkpoint are doing nothing to fix unfortunately.
 
Port scanning is done to identify which ports are in a listening state, but port scanning alone won't allow someone to gain access to your machine. What it does do, however, is tell them what you've got running on your PC if it finds a port is open. This is if one of the standard TCP/UDP ports responds, e.g. if they find that port 21 is open then the chances are that you're running ftp on the port, or 23 is gonna be telnet, 1443 will be SQL Server, etc...

Once someone knows what you've got running, they'll either try to identify the particular type and/or version of the service (called footprinting) or they'll just try some exploits for popular versions of the service that's running on the port.

As long as there's no vulnerability in whatever service or application you're running that's listening on a port, you're not going to get compromised. :)

Intrusion Prevention Systems will pick up port scanners and warn you that someone is scanning your machine so you can choose to blackhole traffic from that IP, and pretty much all of them these days are capable of recognising port scans that aren't sequential (used to be a way around IPS in the good old days :D)
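
The point in the last reply, that an IPS recognises a scan even when the ports are not probed in sequence, comes down to counting distinct destination ports per source inside a time window. This is an added example, not code from the thread or from any IPS product; the log format, the addresses, port 45123 and the thresholds are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed firewall log (timestamp, source IP, destination port, action).
# 45123 stands in for the forwarded torrent port; all values are made up.
SAMPLE_LOG = """\
2007-03-01T02:00:01 198.51.100.20 45123 ACCEPT
2007-03-01T02:00:02 203.0.113.7 8080 DROP
2007-03-01T02:00:04 203.0.113.7 21 DROP
2007-03-01T02:00:05 192.0.2.9 22 DROP
2007-03-01T02:00:07 203.0.113.7 3389 DROP
2007-03-01T02:00:09 198.51.100.20 45123 ACCEPT
2007-03-01T02:00:11 203.0.113.7 23 DROP
2007-03-01T02:00:15 203.0.113.7 445 DROP
2007-03-01T02:00:19 203.0.113.7 1433 DROP
2007-03-01T02:05:00 192.0.2.9 80 DROP
2007-03-01T02:10:00 192.0.2.9 443 DROP
2007-03-01T02:10:03 198.51.100.20 45123 ACCEPT
"""


def detect_scanners(log_text, min_ports=5, window=timedelta(seconds=60)):
    """Map each source IP that touched >= min_ports distinct ports within
    one sliding window to the sorted ports it probed. Assumes the log is
    in time order. Port order is ignored, so shuffled scans still count."""
    recent = defaultdict(deque)   # source -> (time, port) pairs in window
    flagged = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue              # skip malformed lines
        when = datetime.fromisoformat(fields[0])
        src, port = fields[1], int(fields[2])
        hits = recent[src]
        hits.append((when, port))
        while when - hits[0][0] > window:
            hits.popleft()        # expire probes older than the window
        ports = {p for _, p in hits}
        if len(ports) >= min_ports:
            flagged.setdefault(src, set()).update(ports)
    return {src: sorted(ports) for src, ports in flagged.items()}


if __name__ == "__main__":
    for src, ports in detect_scanners(SAMPLE_LOG).items():
        print(f"possible port scan from {src}: {ports}")
```

On the sample, only 203.0.113.7 is flagged: repeated traffic to the one forwarded port counts as a single port, and the source that spreads three probes over ten minutes stays under the threshold, which is the trade-off a fixed window makes.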
 