Leo, a PC security measure that I’ve come across recently is one where we should scan our router for open ports. What’s an open port and how are they created? How do we scan our routers for these open ports and how do we close them when we find them? I have a combination modem/router and I’m running Windows XP, SP3.
Open ports, particularly on routers, aren’t really something that I worry about. To be blunt, I wouldn’t spend a lot of time trying to track them down and close them.
That being said, the concept is kind of interesting and opens up a bit of a window into just how the internet works.
So, what’s a port? And what does it mean for a port to be open or not?
Servers on the internet can perform many, many different functions. Some are set up to present you with a web page, like askleo.com is.
Some servers can accept mail to send. If I send mail from my computer here, it connects to another server on the internet that accepts mail. Servers can also collect email to be delivered. So when I download my email, or when I view my email, I’m connecting to a server in a particular way that allows it to provide me with the email it has been collecting for me.
And of course, you can transfer files to and from various servers, and many, many, many more things.
A port is just a way of identifying or specifying what kind of request is being made of a server. Ultimately, a port is just a number.
When your browser requests a page from a web server, it connects to that server at an IP address, and with that connection it specifies a port number. That number tells the server what kind of service the connection wants to use.
Port number 80 is the web service. So, when you connect to askleo.com your browser first translates “askleo.com” into an IP address. It then connects to the computer at that IP address, the server that houses askleo.com, and indicates that it wants to contact the service on port 80. That way the server knows that this is a request specifically to talk to the webpage service on it.
Connect to a different port and you’d be connecting to something else, like email, FTP or any number of other things. Your email program probably connects to your mail provider’s server exactly the same way as I described for accessing a webpage, except that it uses port 25 to send mail and port 110 if it wants to receive mail. If you upload files to a server using FTP, you’re using port numbers 21 and 22. Other ports might be used for other purposes. Again, all of these are numbers that identify which service it is you want to connect to on the server.
When ports aren’t used
So, what happens if you make an attempt to connect to port 80 when the server that you’re connecting to doesn’t actually have a web service? The browser won’t be able to connect. What happens next will depend on the server, and on your browser and just how helpful it is in describing the problem.
When a server is not listening to a port (in other words, it’s not set up to receive incoming connections on that port), that port is said to be “closed”.
An open port means that if someone tries to connect to that port on the server, the server’s going to respond in some way. The response could be, “Yes, I accept your connection. I have whatever it is you want”. Or it could reject the attempt to connect, a kind of “no, go away” response.
Ports on your router
So, your router has open ports. This really doesn’t worry me. Your router protects your computers by acting as a firewall, which means that whether the ports are open or not, unsolicited incoming attempts to connect are simply not accepted. At best there’s no response at all, and failing that, at least a “no, go away”.
Now there’s one possible exception: remote management. Many routers can be configured to allow someone in a remote location to manage them through an open port. This can be useful, for example, if you work from home and your company’s IT department needs access to your router; or if you want to manage your parents’ router from your house across town.
In general, I recommend that remote management be turned off unless you have a specific need. You can do that by going to your router’s administration interface and looking for the remote management option in its option screens.
Checking for open ports
So how would you investigate which ports are open, and which are closed, etc.?
There is a service called Shields Up. It’s at grc.com. That’s Gibson Research Corporation, run by Steve Gibson who has been around seemingly forever. Shields Up will tell you in overwhelming detail which ports are open, which are closed, which are in so-called “stealth mode”, and so on. It will give you a very detailed report.
My big caveat with Shields Up is that in my opinion, the site is excessively alarmist. It will claim or imply that things are horribly insecure when in fact they are not. I would not panic based on the results you find at grc.com’s Shields Up.
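To make the open/closed/“stealth” distinction above concrete, here is a small added example (not from the original article or from Shields Up) that checks a TCP port on your own machine and reports which of the three responses it got. It only ever talks to the loopback address 127.0.0.1, and the demo creates its own listening socket so there is something “open” to find; the port numbers it uses are whatever the operating system hands out.

```python
import socket


def classify_port(host, port, timeout=1.0):
    """Classify one TCP port the way Shields Up-style reports do.

    'open'    -> something accepted the connection
    'closed'  -> the host answered, but refused the connection
    'stealth' -> no answer at all before the timeout (a firewall that
                 silently drops the attempt looks like this)
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except (socket.timeout, TimeoutError):
        return "stealth"
    finally:
        sock.close()


def demo_local():
    """Constructed demo on loopback: returns (open_result, closed_result)."""
    # A listening socket on an OS-chosen port: this port is "open".
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    open_port = listener.getsockname()[1]

    # A socket that is bound but never calls listen(): the port is reserved,
    # so nothing else can grab it, but any connection to it is refused.
    reserved = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    reserved.bind(("127.0.0.1", 0))
    closed_port = reserved.getsockname()[1]

    try:
        return (classify_port("127.0.0.1", open_port),
                classify_port("127.0.0.1", closed_port))
    finally:
        listener.close()
        reserved.close()


if __name__ == "__main__":
    print(demo_local())  # expected: ('open', 'closed')
```

Pointing classify_port at your router’s public address from inside your own network usually tells you little, because the router answers its LAN side differently from its internet side; that is why the article points you at an outside service for the real check.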
So, my bottom line is: it’s all kind of interesting to understand how the internet works, but as long as you’re behind a router, open ports are not something I would spend any time worrying about. I know I don’t.