7

I have a port forwarded and open in the firewall that I sometimes use to play games with friends over the internet. The game server doesn't run 24/7, only when I'm actually playing is something actually listening on this port. Are there issues with having this port open while nothing is listening?

I know I can tell the firewall to allow the application through so the port is closed when the game isn't running, but this is more of a "what if" question.

Corey Ogburn
  • 752
  • 5
  • 15
  • I think we need to know a little more...is the (Windows) firewall on the same device as the 'game server'? Is there anything else between the Windows firewall and the Internet, for example a router? If yes is the router doing anything to control access to the internal network from the Internet? What else is the device that runs the game server used for? How is access via the open port controlled when you are playing the game (i.e. what prevents someone other than your friends connect)? What protocol(s) does the game server use - or in other words what is open on the firewall? – R15 Nov 18 '14 at 19:22
  • The windows machine is the firewall, the game server, and a day to day computer for browsing, developing, gaming, everything. It has the firewall and nothing is between it and the router. The router has some ports forwarded for the computer (as well as a few tweaks to have an open NAT type for Xbox Live on a connected Xbox). When playing the game, anybody with my ip can connect. It's not advertised outside of my group of friends. The game itself is Factorio. I don't know the details, but like any game I've played it doesn't seem to have a public protocol definition. – Corey Ogburn Nov 18 '14 at 19:28

4 Answers4

4

It is likely that the port you have open will always show as being in a different state from other ports if someone does a scan of your IP address, so it would make sense to ensure that there definitely isn't anything listening when the game server is shutdown (although if the game has vulnerabilities it probably does not matter if it is listening all the time or only when you are playing with friends).

You can check that there is nothing listening on the Factorio default port when the game is shutdown by using netstat see here https://stackoverflow.com/questions/48198/how-can-you-find-out-which-process-is-listening-on-a-port-on-windows. If nothing is listening any inbound packets will be either quietly dropped or possibly result in an Ack Reset (depending whether it is UDP or TCP based traffic). In theory leaving the port open in the firewall should not be a problem, but I would err on the side of caution and disable the rule that allows the traffic when it is not required.

You might also want to look at your router and see whether you can limit the inbound connections to the IP addresses of your friends, this would help to reduce your exposure to attackers (this is a game which is in development and could well have exploitable vulnerabilities), but if they are on dynamic IPs this could be a bit of a pain to maintain depending how often you play.

Community
  • 1
R15
  • 2,963
  • 1
  • 13
  • 21
0

On your client:

  • An 'open' port (TCP) will respond to a new connection request - the remote client will send a 'SYN' and your server will reply with a SYN-ACK starting the TCP/IP 3 way handshake.

  • if it's 'closed' then your server will reply with an RST - effectively 'refusing' the connection.

What a firewall does is:

If a port is 'authorized' then it'll pass the traffic through. That initial 'SYN' packet will carry on through to your server, and trigger a replying RST. (This could perhaps be blocked by a firewall, but typically it doesn't).

An 'open' port means a service is listening, which could have known exploits. This threat is vastly reduced if the port is closed and there's no listening service.

A 'closed' port on your server will also:

  • reply with an RST - potentially giving away OS fingerprint, and indicating that there is an active device. (Offline or fire walled would normally mean 'no reply').

  • Be vulnerable to exploits based around the packet handling mechanism of that OS. (Your Os 'gets' the packet, processes it, figures out how to reply. This is not anywhere near as common as vulnerable/exploitable services, because it's a high impact vulnerability. But none the less, it's present.

Sobrique
  • 186
  • 6
-1

A port isn't open if something isn't listening for a connection on it. I am not sure what type of firewall you are using. Is this a virtual firewall? software? Hardware appliance?

The reason it is bad form to have ports open is that it exposes those services that are listening on those ports to exploits. That is why firewalls exist, to limit what is allowed to connect to certain ports, to reduce the surface area exposed by services.

If you have an open port, you are safe provided the program processing the incoming stuff has no available exploits. But exploits are found all the time, and it's good to know that there are a lot of port scans travelling around the net, looking for targets.

Closed ports still respond to the akser, so possible attacker knows to proceed checking other ports. Then again, this is how the internet is specified to work. While stealth ports attempt to not give the potential attacker any information, in theory they break the specification.

From a security point of view, any open port is a huge gaping hole, since code is being used to process foreign data. What a firewall (or a NAT router) does is make sure no incoming traffic gets to your computer, even if the system has some open ports. This way, they effectively close all ports.

Cameron Does Things
  • 592
  • 3
  • 10
  • It's the default Windows Firewall. In this scenario there is no code being used to process foreign data most of the time. I understand that the process is susceptible to exploits while the game is running, but what about the rest of the time when it's not? It's then a closed port just as if the firewall was blocking it? – Corey Ogburn Nov 18 '14 at 17:04
  • Well if you are just running Software firewall on a home computer, Then it just means your firewall is allowing traffic from that port but that doesn't necessary mean there will be any actual data coming over while its open. Only when your application is being processed over that port, other than that it would not cause any issues. Sorry if I over complicated that answer. – Cameron Does Things Nov 18 '14 at 17:10
  • 2
    I'm mostly curious to know if there are any attacks or weaknesses that can target an open but unused port. – Corey Ogburn Nov 18 '14 at 17:13
  • Addressing the last paragraph, I don't think a firewall closes all ports (unless you tell it to), but it does limit what can go over these ports, based on your specifications. – Jonathan Nov 18 '14 at 17:33
-2

No, it just means your firewall would allow traffic to that port but there would be no response. It shouldn't cause any issue whatsoever.

theterribletrivium
  • 2,679
  • 18
  • 18
  • Unless the attacker tries to exploit the OS network stack's vulnerability, even though in this particular case since we're talking about a software firewall on that same machine I don't think it would make a difference. –  Nov 18 '14 at 19:05