
Thread: Question about router, Port triggering?

  1. #1
    A+, Security+, Mobility+ Shinobi's Avatar
    Join Date
    Jan 2001
    Location
    South Carolina
    Posts
    4,432
    Blog Entries
    1

    Question about router, Port triggering?

    Basically, from what I understand... port triggering is like port forwarding, without an I.P. address for the port or port range..
    ..and the port or port range opens and closes per connection request, inbound and outbound.

    So basically, any passing TCP "port scan" would "trigger" these port(s) as "open" ?

    Am I right?

    Thanks,
    Shinobi
    _______________________________________________
    Vendor neutral certified in IT Project Management, IT Security, Cisco Networking, Cisco Security, Wide Area Networks, IPv6, IT Hardware, Unix, Linux, and Windows server administration

  2. #2
    Member Courtney's Avatar
    Join Date
    Oct 2003
    Location
    Kansas, USA
    Posts
    73
    No.

    Routers also depend on direction and on which system requested the open port. For example, you request a web page from a server. Your computer uses a port above 32K, to connect to port 80 on the destination. Once the two computers connect, they agree on ports (above 32K on both machines) to communicate. This leaves port 80 on the web server open for the next connection.

    Once the communication between the computers is completed, the port on both systems (and the router) is closed.

    Now, on most routers, the external ports aren't just closed; they are normally in "stealth mode." So, when a scan requests the status of a port, not only does the router not respond with the fact that the port is closed, it doesn't respond at all. This is called a firewall.

    Unprotected Windows, however, will respond with the port status. Not only that, some standard ports, like NetBIOS, FTP, SNMP or SMTP are always open. These are some of the ports that port scanners target.

    Now you know why a firewall is necessary.

    courtney

  3. #3
    Quote Originally Posted by Shinobi
    ..and the port or port range opens and closes per connection request, inbound and outbound. So basically, any passing TCP "port scan" would "trigger" these port(s) as "open" ?

    After a trigger event is detected a temporary port forward rule is created. Only outgoing traffic will cause the trigger event so a port scan would not affect it.

    Quote Originally Posted by Courtney
    Your computer uses a port above 32K, to connect to port 80 on the destination. Once the two computers connect, they agree on ports (above 32K on both machines) to communicate.

    Ephemeral ports start at 1023 (not 32k). The only OS that I know of that uses above 32,000 for ephemerals is Solaris.

    Quote Originally Posted by Courtney
    Unprotected Windows, however, will respond with the port status. Not only that, some standard ports, like NetBIOS, FTP, SNMP or SMTP are always open. These are some of the ports that port scanners target.

    Replying with a RST packet isn't the kiss of death that people make it out to be. Also FTP, SNMP and SMTP ports are not open on Windows. You must start a service/application in order to "open" them.
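
The behaviour described in post #3 (only outgoing traffic arms the rule, and the resulting forward is temporary), as an added example that is not part of the original thread. It is a toy model, not any router's firmware: the class names, the 6667/113 port pair, the address and the 600-second timeout are constructed for illustration, and the model does not filter on the inbound source address, which on a real router is implementation-specific.

```python
# Added illustration: a toy model of a router's port-triggering table.
# All ports, addresses and timeouts below are constructed sample values.
from dataclasses import dataclass, field


@dataclass
class TriggerRule:
    trigger_port: int        # outbound destination port that arms the rule
    open_ports: range        # inbound ports forwarded while the rule is armed
    timeout: float = 600.0   # seconds until the temporary forward expires


@dataclass
class Router:
    rules: list
    # open inbound port -> (internal host, expiry time)
    forwards: dict = field(default_factory=dict)

    def outbound(self, src_host, dst_port, now):
        """A LAN host sends traffic out; this is the only event that arms a rule."""
        for rule in self.rules:
            if dst_port == rule.trigger_port:
                for port in rule.open_ports:
                    self.forwards[port] = (src_host, now + rule.timeout)

    def inbound(self, dst_port, now):
        """A packet arrives from the WAN; return the LAN host it goes to, or None if dropped."""
        entry = self.forwards.get(dst_port)
        if entry is None:
            return None          # no temporary forward exists: inbound traffic never creates one
        host, expiry = entry
        if now >= expiry:
            del self.forwards[dst_port]
            return None          # forward has timed out and is removed
        return host


def demo():
    router = Router(rules=[TriggerRule(trigger_port=6667, open_ports=range(113, 114))])
    results = [router.inbound(113, now=0)]        # inbound probe before any trigger
    router.outbound("192.168.1.10", 6667, now=10)  # LAN host connects out to the trigger port
    results.append(router.inbound(113, now=20))   # inside the temporary forward window
    results.append(router.inbound(114, now=20))   # port outside the triggered range
    results.append(router.inbound(113, now=700))  # after the timeout
    return results


if __name__ == "__main__":
    print(demo())
```
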
