Author Topic: Are open TCP ports an issue?  (Read 4846 times)

Apis629
Are open TCP ports an issue?
« on: January 14, 2007, 11:45:34 am »
I was running a port scan on beemaster.com (84.40.23.129) and have found every TCP port to be open.  I'm just starting off in CCNA education, but it is my understanding that it is safest to run most of your ports closed when not in operation, or invisibly.  I have sent him a PM about this, but I'm just looking to understand if this is a real issue or if I'm just being a "noob".

Cindi
Re: Are open TCP ports an issue?
« Reply #1 on: January 14, 2007, 11:51:23 am »
Wow, you are talking alien to me.  I wish that I could understand a little bit more about computers than simply just putting my fingers on a mouse and a keyboard.  My hat's off to you computer techs!!!  Great day.  Cindi
There are strange things done in the midnight sun by the men who moil for gold.  The Arctic trails have their secret tales that would make your blood run cold.  The Northern Lights have seen queer sights, but the queerest they ever did see, what the night on the marge of Lake Lebarge, I cremated Sam McGee.  Robert Service

buzzbee
Re: Are open TCP ports an issue?
« Reply #2 on: January 14, 2007, 11:54:14 am »
I believe this site is hosted on a commercial server and there is probably a reason for the ports to be open.
But that's just my two cents' worth! ;)

Apis629
Re: Are open TCP ports an issue?
« Reply #3 on: January 14, 2007, 12:26:40 pm »
Still, most servers will have many ports closed.  Between 79 (finger), 11 (netstat), 25 (smtp) and 21 (ftp) I have concern for this website's security.  I'm just looking for someone with more technical knowledge than me (99.9% of this forum) to either correct me, or come to a similar conclusion that I did.

buzzbee
Re: Are open TCP ports an issue?
« Reply #4 on: January 14, 2007, 01:00:39 pm »
They are a web hosting company that may need the individual ports open for the different sites they host and different programs they host. If you google their IP I think you will find the company is Hostway.
If they host gaming sites for places like EA Sports and a lot of the other gamer companies that host online games, they need a lot of ports open for the user interfaces.

Understudy
Re: Are open TCP ports an issue?
« Reply #5 on: January 14, 2007, 08:31:21 pm »
Having the ports open is not a big deal if you are a server in a data center. Or a server running multiple hosts.

The CCNA also tends to push Cisco ideals. Not always what reality is. While it is nice to close down ports that are not being used, it isn't always practical. Servers that run financial programs such as shopping carts, Bloomberg financial traffic, or VPN access require hundreds of ports.

If they use passive FTP servers they may have a block of high port numbers, for example. I have:
# Allow remote FTP  clients to respond to use passive ftp with proftpd
pass in quick on $ext_if inet proto tcp from any port 49152 >< 65535 user proxy flags S/SA keep state

You can read a list of port assignments here:
http://www.iana.org/assignments/port-numbers

Cindi
The best way to explain ports is like roads on a highway. But the roads are geared toward specific traffic. The idea behind closing certain ports is that you don't allow certain traffic to access you. Not all traffic is viewed as good. Many home computer users are recommended to close certain ports to avoid bad people who use common traffic routes to do malicious things.

That is the reason many people use firewalls. However, a home-use computer is not generally a server, and the security on a home computer can be compromised easier than servers.

This is another reason that I don't like windoze. M$ makes crap and markets it well. The standard windows user has a firewall, anti-virus, anti-trojan, spyware software to help protect them. I run a firewall and that is it. But I don't run windoze. I run a firewall that is designed to route, limit, and log traffic. That way the nasty people get nowhere.

The problem is Apis629 is taking a course designed by a manufacturer to help feed that paranoia. Cisco makes money that way. Cisco of course says they do other things, and they do. Cisco switches and routers are the most popular brand out there. And there are nasty people out there who do mean things. The problem is that Cisco's brand of paranoia doesn't always fit the reality. It does work in many cases, but a well set up server and router tables with a decent firewall can do just as well as anything out there. The problem is that it takes a lot of studying and knowledge to do it right.

Windoze was designed to make things easy so users don't have to think a lot. The problem is the users then make dumb mistakes.

A good example in the real world of this is driving a stick shift car. My wife didn't know how to drive one when I met her. She had been driving an automatic for years. She was intimidated by the idea of driving a stick; not only that, both her parents told her she would never be able to drive a stick. I gave her a few lessons, she stalled the first few times, but making those mistakes is what helped her learn. She now drives a Toyota Supra with a 5 speed stick and now hates automatics.

So sometimes setting up a good safe computer system means having to learn how to write your own firewall rules and your own routing tables. But when you are done you will know exactly how things work.

Cisco will charge you a lot of money to teach their way of doing it and they have convinced businesses that having their piece of paper when you look for a job. And as I said before they have a huge chunk of the market so they have the money they make the rules. And make no bones about it Apis629 will probably make some good money if he gets his certifications. And making money is not a bad thing.

Yet it still amazes me when I have to access one of their pieces of equipment and I have to deal with their software, what a pile I am having to deal with.

So somehow for a few years here beemaster has been running the most popular beekeeper forum with wide open ports. This must cause Cisco account executives to lose sleep at night.

And still beekeepers get an education every day. Provided they don't trip over the power cord.

Sincerely,
Brendhan
The status is not quo. The world is a mess and I just need to rule it. Dr. Horrible
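
Added example (not part of the thread or of any poster's code): one way to check your own server's listening ports against the ports you mean to expose, using the port numbers mentioned in the posts above. The `ss -tln`-style sample and the `ALLOWED` policy are constructed for illustration; note that pf's `><` range operator excludes both endpoints.

```python
import re

# Constructed sample in the style of `ss -tln` output (not from any real host).
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128          0.0.0.0:21         0.0.0.0:*
LISTEN 0      128          0.0.0.0:80         0.0.0.0:*
LISTEN 0      128          0.0.0.0:79         0.0.0.0:*
LISTEN 0      128        127.0.0.1:25         0.0.0.0:*
LISTEN 0      128          0.0.0.0:49152      0.0.0.0:*
LISTEN 0      128          0.0.0.0:50000      0.0.0.0:*
LISTEN 0      128             [::]:11            [::]:*
"""

# Hypothetical policy: FTP control, web, and the passive-FTP range from the post.
ALLOWED = ["21", "80", "49152 >< 65535"]


def parse_spec(spec):
    """Return an inclusive (low, high) pair for a port or a pf-style range."""
    m = re.fullmatch(r"(\d+)\s*(><|:)\s*(\d+)", spec.strip())
    if not m:
        port = int(spec)
        return (port, port)
    lo, op, hi = int(m.group(1)), m.group(2), int(m.group(3))
    # pf semantics: "a >< b" excludes both endpoints, "a:b" includes them.
    return (lo + 1, hi - 1) if op == "><" else (lo, hi)


def listeners(ss_text):
    """Yield (address, port) for every LISTEN line."""
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[0] == "LISTEN":
            addr, _, port = fields[3].rpartition(":")
            yield addr, int(port)


def audit(ss_text, allowed):
    """Return sorted externally reachable listening ports outside the policy."""
    ranges = [parse_spec(s) for s in allowed]
    flagged = []
    for addr, port in listeners(ss_text):
        if addr.startswith("127.") or addr == "[::1]":
            continue  # loopback-only listeners are not reachable from outside
        if not any(lo <= port <= hi for lo, hi in ranges):
            flagged.append(port)
    return sorted(flagged)


if __name__ == "__main__":
    print(audit(SAMPLE_SS, ALLOWED))
```

Port 49152 is flagged because `49152 >< 65535` only covers 49153 through 65534; writing the range as `49152:65535` would include it.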

Cindi
Re: Are open TCP ports an issue?
« Reply #6 on: January 14, 2007, 09:05:14 pm »
Brendhan.  Thanks for the crash course.  Your information was good and good probably for lots of forum members, who like me are not the computer savvies.  Great day. Cindi

pdmattox
Re: Are open TCP ports an issue?
« Reply #7 on: January 14, 2007, 09:35:46 pm »
Brendhan, I am impressed.  Great info.

TwT
Re: Are open TCP ports an issue?
« Reply #8 on: January 15, 2007, 09:57:03 am »
He nailed it, but if you are not sure what ports you may have opened or how your PC might be at risk, just try the tests on this link. They are free and nice tests, just see how exposed your system might be... it's under TEST YOUR SYSTEM

http://www.pcflank.com/
THAT's ME TO THE LEFT JUST 5 MONTHS FROM NOW!!!!!!!!

Never be afraid to try something new.
Amateurs built the ark,
Professionals built the Titanic

 
