Hi, I have a router with a built in SPI firewall and also use a software firewall. Most of the programs I use on the Internet open ports locally, but my firewall(s) keep these ports closed to the Internet.
However when I run PPStream (which is a program that streams video via P2P) it opens a port and this port is open locally and to the Internet as well.
With this port open to the Internet will hackers be able to get on my computer even though I am using the open port?
If I turn SPI mode on will that stop hackers from using the open port?
I could really do with the whole Internet securith thing explained in laymans terms so as I know whether to worry or not, and if anyone knows of a website or book that does this it would be much appreciated.
Thanks In Advance
2007-12-18 21:46:18 · 6 answers · asked by Anonymous in Computers & Internet ➔ Security
Thank you Ivan R & Oracle 128au for taking the time to post an informative reply.
2007-12-19 20:16:05 · update #1
Hello,
(ANS) In terms of software based firewalls or those firewalls that come with most routers. SPI (stateful packet inspection) is the industry standard method used to prevent hackers braking into your system , or network. SPI is a well known and well tested method of protection.
**If you are using a computer that sits behind a router and that router & computer has a firewall (that uses SPI) then you have a reasonably good level of protection. However, my understanding is that if you have an open port and that port is in use it cannot be used by a hacker to gain entry (unless someone else knows otherwise, but I'm not a hacker) because even though the port is open if its in constant use it cannot be used to gain entry.
**My understanding is that only if the port is open and not in use can it be used by a hacker to gain access to your system.
**Thats the problem with peer to peer systems, they require that you leave a part of your computers hard disk drive open to the pubic Internet and so in effect you don't really know who is using your machine or what is being put onto your machine. Its a security risk in my view & leaves you vulnerable. Its for this very reason I don't ever use P2P software.
**Using P2P and a firewall is abit contradictory really. I could explain to you about firewalls, & SPI but its a complex subject and would take up lot of space here.
Kind Regards Ivan
computer veteran, MCSE Trained.
2007-12-18 22:11:26 · answer #1 · answered by Anonymous · 1⤊ 0⤋
SPI (ie the firewall found on most routers) only blocks incoming connections, ie those that your computer is listening. eg if you want to run a web server, you need to forward port 80 to your server, so it can listen to incoming connections. But, you can still retrieve downloads from the Internet without any port forwarding, because your computer requested the data first and established an outgoing connection. SPI allows this.
P2P will work without port forwarding, but will be limited (good P2P software inform you of this). That is, you can establish connections with other users, but other users cannot establish a connection with you. P2P software will have both clients try to connect with each other. If both cannot accept incoming connections (eg due to SPI or other reasons), then the clients cannot connect. You've effectively cut your potential connections in half.
Port forwarding solves this, by allowing you to accept incoming connections, and specifying which computer on the network specific ports should go to. You should only forward ports which you're using, as it limits the potential for being attacked. Eg if you open the ports for your P2P software, anyone can connect to you on that port. But, you can only be attacked if the software (or operating system) listening to that port has some kind of flaw that can be exploited by the attacker; which if course implies they both know (or guess) which ports are open, and which software is listening on it. And probably which version too, since flaws come and go across the life of a software.
In short, if you request data, you don't need to configure anything, and it's relatively safe; you can still be attacked, but only by the machine you're requesting data from (or, if the connection is somehow intercepted-unlikely).
If you need to listen for connections from behind a router/firewall, you need to open/forward ports, and you have little control over who connects; you are at the mercy of the listening software as to whether it can be exploited.
2007-12-18 23:25:36 · answer #2 · answered by oracle128au 7 · 2⤊ 0⤋
a P2P means its giving other people assess to view & download you files & therefore people can get in so if you're using P2P then hackers will be able to get in
either stop P2P or run the risk
but a firewall will help
2007-12-18 21:50:16 · answer #3 · answered by barrie 3 · 0⤊ 0⤋
Unfortunately, you need to open a port in order to get internet.
You should install a good internet security suite which would provide a real-time protection. You may try Kaspersky, Norton or NOD32
2007-12-18 22:03:43 · answer #4 · answered by giginotgigi 7 · 0⤊ 1⤋
of cause --control panel --> windows firewall--> exceptions
2016-04-10 07:25:43 · answer #5 · answered by Anonymous · 0⤊ 0⤋
www.portforward.com
Will explain it all.
2007-12-18 21:51:16 · answer #6 · answered by Anonymous · 0⤊ 0⤋