A Ports Primer
IvanLasston
There seems to be a lot of questions surrounding port forwarding and opening ports. If you've seen my previous posts I usually recommend against opening up ports unless you know the ramifications of opening said ports. This post is a simple guide to what ports are and why you need to be careful when opening ports.

If there are mistakes or omissions let me know and I'll clean up the post.

The backbone of the internet and most networks today is a protocol called TCP/IP - actually these are two protocols - Transmission Control Protocol/Internet Protocol. There are entire text books written on TCP/IP but simply speaking - IP is the protocol that translates IP addresses to web addresses so that your web browser can translate Google to 74.125.227.16. (There is a lot more going on but that is the simple explanation.) TCP is the Transmission Control Protocol. This is the protocol we mean when we talk about ports. There are a bunch of well known ports such as
80 - for HTTP
22 - for SSH
443 - for HTTPS
Here is a list from Wikipedia
List of TCP and UDP port numbers - Wikipedia, the free encyclopedia
Most programs that communicate over the internet take some TCP port. The most common - 80 - is for web traffic. So when you type in Google - what happens is that IP goes out, translates this to 74.125.227.16 and then sends the traffic to port 80 - it would look like this: 74.125.227.16:80 (meaning go hit that IP address on port 80 and do your request). After all that your web browser presents you with the Google home page. (Again a lot more is going on but that is the simple explanation.)

How to Get To Your Home Network
To help get to your home network consider signing up for dynamic dns. There are several free services but the one with most built in support is DynDNS.
DynDNS.com Dynamic DNS: Free DDNS Service
You can create a free hostname (like mycoolnetwork.dyndns.org)
That way you don't have to figure out what your external IP address is. Also there are scripts that run on most computers (and most routers) that will update DynDNS when your IP address changes (because usually you have dynamic IP addresses on your home network).
DynDNS.com - Support -- Update Clients: Downloads for update clients, DDNS routers, DDNS hardware clients
My Netgear router has a setup page for syncing up with Dyndns.org. The Apple routers (Time Capsule, Airport Extreme, Airport Express) do not have this built in by default. This is one of the reasons I have Netgear doing my routing and my Time Capsule is only used for wireless and NAS. So if you only have Apple network hardware you can use a Mac client for example.
DynDNS.com - Support -- Update Clients -- DynDNS Updater for Mac Installation Guide

Back to Our Regularly Scheduled Program
So when a program says you need to open and set up a port on your router/firewall - what you are doing is exposing that port to the world, then forwarding that port to the waiting computer/device and application. So let's say you want to VNC into a machine on your home network. By default most home networks have all ports closed. What you do is on your router - you set up port forwarding. So you would forward port 5900 (the standard VNC port) to your computer's IP address (for example 192.168.1.2). Then in your VNC viewer you can put in your external IP address and port - then the port forward on your router should pass all that port onto your internal computer. So in theory you could go to a VNC viewer program from outside your network - type in mycoolnetwork.dyndns.org:5900 - and you should be presented with a login screen for the computer to which you forwarded the port.

So this is really cool - one could set up a server - port forward the ports you need for remote access, and then have access from anywhere. Here is the rub - once you open a port - people/bots can start probing that port. When a port is closed - there is no response so most scripts move on. When a port is opened - whatever is waiting on that port usually gives a response. Then whatever is probing knows that something exists at that port.
Port scanner - Wikipedia, the free encyclopedia
Once your open port responds then you will see the attacks come. Let's continue with the VNC example. Let's say I write a script looking for responses on 5900. I find mycoolnetwork.dyndns.org responds on that port. Well now I know that 5900 is available. I can try to connect to that port - and I will be presented with your login screen. Let's say you have a weak username/password - I can start a dictionary attack on your VNC login and will probably be successful in getting in. Even if you have a strong username/password - I can still try a brute force attack taking up your network resources. And now the 3rd problem - VNC isn't always encrypted so that you could be sending everything over the internet unencrypted such that anyone packet sniffing could find out sensitive data. Lastly the 4th problem - if you don't keep your system up to date, there could be exploits available in VNC that could cause it to crash (and let people inject code and gain control of your machine).
vnc vulnerabilities - Google Search
If you don't update you could be susceptible to older known exploits.

Well that sucks. So you don't really want to open up ports unless you know what you are opening is
1 - secure (name/password is strong, use rsa keys, etc)
2 - up to date (as there may be exploits on older versions of software)
3 - encrypted (otherwise you run into problems with packet sniffing like firesheep)

What to do? There are several options like VPN or SSH - but as stated you need to make sure you meet the first 2 criteria at all times. I personally use an SSH server and port forward all my traffic. SSH is pretty good but out of the box it isn't all that secure. VPN is good too but usually you have to have server OSes to get the VPN ability. If there is interest I can follow up with an SSH setup post.
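The post's point that an open port draws probes and then dictionary attacks is easy to see in the login log of whatever service you forwarded. Here is an added example (not part of the post) that scans constructed sshd-style auth log lines and flags source addresses that rack up repeated failed logins inside a sliding time window; the log lines, host name and addresses are made up for the demo.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines in the sshd / auth.log style; not real traffic.
SAMPLE_LOG = """\
Jan 12 10:00:01 mymac sshd[501]: Failed password for invalid user admin from 203.0.113.7 port 51522 ssh2
Jan 12 10:00:03 mymac sshd[502]: Failed password for invalid user root from 203.0.113.7 port 51523 ssh2
Jan 12 10:00:04 mymac sshd[503]: Failed password for invalid user test from 203.0.113.7 port 51524 ssh2
Jan 12 10:00:06 mymac sshd[504]: Failed password for invalid user guest from 203.0.113.7 port 51525 ssh2
Jan 12 10:00:07 mymac sshd[505]: Failed password for invalid user oracle from 203.0.113.7 port 51526 ssh2
Jan 12 10:02:30 mymac sshd[510]: Failed password for ivan from 198.51.100.9 port 40001 ssh2
Jan 12 10:02:45 mymac sshd[511]: Accepted publickey for ivan from 198.51.100.9 port 40002 ssh2
Jan 12 10:30:00 mymac sshd[520]: Failed password for invalid user admin from 192.0.2.44 port 33001 ssh2
Jan 12 10:40:00 mymac sshd[521]: Failed password for invalid user admin from 192.0.2.44 port 33002 ssh2
Jan 12 10:50:00 mymac sshd[522]: Failed password for invalid user admin from 192.0.2.44 port 33003 ssh2
Jan 12 11:00:00 mymac sshd[523]: Failed password for invalid user admin from 192.0.2.44 port 33004 ssh2
Jan 12 11:10:00 mymac sshd[524]: Failed password for invalid user admin from 192.0.2.44 port 33005 ssh2
"""

# Matches sshd's "Failed password" line, with or without "invalid user".
FAILED = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+"
)

def parse_failures(text, year=2013):
    """Yield (timestamp, source_ip, username) for each failed-password line.
    syslog lines carry no year, so one is supplied (assumed 2013 here)."""
    for line in text.splitlines():
        m = FAILED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"], m["user"]

def find_bruteforcers(text, threshold=5, window_s=60):
    """Return {ip: sorted usernames tried} for sources with at least
    `threshold` failures inside any `window_s`-second sliding window,
    the signature of a dictionary attack against an exposed login."""
    recent = defaultdict(deque)   # ip -> failure timestamps still inside window
    users = defaultdict(set)
    flagged = {}
    for ts, ip, user in parse_failures(text):
        q = recent[ip]
        q.append(ts)
        users[ip].add(user)
        while (ts - q[0]).total_seconds() > window_s:   # drop stale entries
            q.popleft()
        if len(q) >= threshold and ip not in flagged:
            flagged[ip] = sorted(users[ip])
    return flagged
```

With the default 60-second window only the fast guesser (203.0.113.7) is flagged; the slow one that tries once every ten minutes (192.0.2.44) only shows up with a wider window, which is why a single threshold is never the whole answer.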