10

I want to open some ports on my family's network, for game servers and other protocols like HTTP and FTP. My dad, however, thinks this is unsafe (for him).

Is it easy for a hacker to get into our network using these open ports? If he does, does he have access to the whole network or just my computer?

I was lucky, my dad let me have unknown 5-digit ports, but I still want to use "normal" ports.

I don't really care if a hacker gets into my computer, but my dad does. Does the hacker have access to my dad's computer with no open ports? Or only my computer?

If the hacker can access my dad, can I use 2 routers to make his computer not hackable by a hacker? What I mean is that I have the ports forwarded from the family's router to my own router and that router directs them to my own computer (server). Does this jail the hacker into just my "unsafe" network?

2
  • Maybe you could look towards getting a firewall device between the router and your dad's computer. Then your dad gets as much protection as he did or more. And you get the access you require forwarding the router ports.
    – barlop
    Commented Dec 26, 2013 at 22:28
  • Depending on how it is configured, it is quite possible that if a hacker gets into your computer they can use your computer to attack your dad's. They can also use your computer to send spam and hack web sites, which will all be tracked back to you. It depends on the router: a cheap dumb router offers little additional security. A managed switch/router can offer significant protection. You would be able to have 2 subnets and a firewall and more to isolate the traffic.
    – cybernard
    Commented Dec 26, 2013 at 23:07

1 Answer

10

While opening ports does put you more at risk than having none open, you are only in danger if an attack can exploit the service that is using that port. A port is not an all-access pass to your PC/network if an attacker happens upon it. They would need to manipulate whatever it is on the other side to gain some type of basic system access, then they could 'maybe' gain enough privileges to compromise your system. It's a bit like leaving your car keys in a bathroom 100 miles away. While someone could use them to steal your car, they still have a loooong way to go to make it happen.

As you said, companies around the world have ports open so they can do business. Another fact is that whatever those companies are doing is probably a lot more interesting to attackers than the family photos and Bejeweled Blitz your dad has on his PC.

You also need to consider that just because you open ports on the router does not mean you opened ports on the PC firewalls. If you open port 3333 on your router, chances are it is still blocked by your PC's firewall, so you are still protected. Typically, you open the ports you need on the router, and open the ports on ONLY the PC firewall that needs access through them.

Finally, depending on what services you are planning on using, they may be UPnP compatible. In that case, they will open the ports they need when in use, and close them automatically when they aren't. You said you have a random 5-digit port opened right now, and have been using it. Why not stick with it then? There is nothing to be gained by using the "standard" ports unless you need to.

3
  • Another problem you need to be aware of today is bots... Getting access to your information isn't the only reason to hack computers these days. There's a lot of unprotected machines out there that are acting as bots, in the control of some malicious person without the owner's knowledge. Other than the computer being extra slow, at times, a non-technical user may never know they've been compromised.
    – philwills
    Commented Dec 26, 2013 at 22:06
  • 2
    True, but typically these bot infections occur due to malicious downloads, not by coming through a port. Opening the port doesn't make you more at risk of getting infected, but it may allow an already infected machine to talk to the Master/Controller of the bot net.
    Commented Dec 27, 2013 at 13:26
  • Yeah, I can stick with the 5-digit port, but it would be simple to have the known ports. It would also be more "fun". But the protocol PPTP (VPN) must be using port 1723, and that's a 'normal' port.
    Commented Dec 27, 2013 at 15:07
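
The answer's point that a forwarded port only matters when a service is actually listening behind it can be checked on the server PC. The following is an added example, not part of the original answer: it compares a router's forward list against `ss -tlnH` output, and the forward table, addresses and socket listing are all constructed sample data.

```python
import ipaddress

# Constructed sample of `ss -tlnH` output from the server PC (not from the page).
SS_SAMPLE = """\
LISTEN 0 128 0.0.0.0:25565 0.0.0.0:*
LISTEN 0 128 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 128 192.168.1.20:8080 0.0.0.0:*
LISTEN 0 128 [::]:21 [::]:*
LISTEN 0 128 [::1]:631 [::]:*
"""

# Constructed router forwards: external port -> (LAN host, internal port).
FORWARDS = {25565: ("192.168.1.20", 25565), 80: ("192.168.1.20", 8080),
            21: ("192.168.1.20", 21), 3306: ("192.168.1.20", 3306),
            3333: ("192.168.1.20", 3333)}


def parse_listeners(ss_output):
    """Return {port: set of bind addresses} from `ss -tlnH` lines."""
    listeners = {}
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and zone id
        if addr == "*":                         # some ss versions print "*" for any
            addr = "0.0.0.0"
        listeners.setdefault(int(port), set()).add(ipaddress.ip_address(addr))
    return listeners


def classify(forwards, listeners):
    """Label each forward 'reachable', 'bound-elsewhere' or 'no-listener'."""
    result = {}
    for ext_port, (host, int_port) in forwards.items():
        target = ipaddress.ip_address(host)
        binds = listeners.get(int_port, set())
        # Assumption: a [::] wildcard socket is dual-stack and also accepts IPv4.
        if any(b.is_unspecified or b == target for b in binds):
            result[ext_port] = "reachable"        # a service answers on the LAN address
        elif binds:
            result[ext_port] = "bound-elsewhere"  # e.g. loopback only
        else:
            result[ext_port] = "no-listener"      # forward leads to a closed port
    return result


if __name__ == "__main__":
    for port, state in sorted(classify(FORWARDS, parse_listeners(SS_SAMPLE)).items()):
        print(port, state)
```

A "reachable" result means only that a service is bound to the forwarded address; the PC's own firewall, which this check does not model, can still block it.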
