Solved

Is It Possible To Stealth Port 80 and 113

Posted on 2005-03-15
Last Modified: 2013-11-16
Hi there,

I just tested my Norton Internet Security firewall and got the message that ports 80 and 113 are closed, not stealthed.

1. Is this a security risk?
2. Can I stealth those ports?
3. If I stealth port 80, can I still surf the internet?
4. If I stealth port 113, can I still use Skype to make internet calls or use chat sessions to get online support?
5. Will people on Skype still see my online status?
6. I was just thinking, let's say I start surfing the internet. I use port 80, so after sending I should also be able to receive on port 80. Even though it was stealthed before. Right?

By the way I am NOT running any kind of server or service that gives others any access to my computer.

That's it. Thanks in advance.

BL
0
Question by:beni_luedi
24 Comments
 
LVL 3

Accepted Solution

by:
jltari earned 100 total points
ID: 13553001
The port 80 you're talking about is a local port, so you can stealth it, close it, or do whatever you want with it; it will not stop you from using its distant counterpart. When your browser connects to port 80, it's the Web server's port 80, not yours. Your port is probably some port in the 1024+ range, and OUTBOUND.
It's another story with Skype. This probably needs an open local port, which cannot be stealthed.
I don't use Norton Internet Security, but, with some other firewalls (Zone Alarm, Outpost, Kerio, etc.), the ports seem to be stealthed because if the IP packets that are sent to such or such port aren't recognized by the software that has the rights to receive them (skype in this case), they are just dropped.

0
 
LVL 51

Assisted Solution

by:ahoffmann
ahoffmann earned 100 total points
ID: 13554090
1. might be, not for experienced people
2. yes
3. yes
4. not sure, you need to check Skype docs
5. I guess yes
6. > right? no
  as already explained your outbound port is >1023, just the remote port might be 80, same on way back
0
 
LVL 12

Expert Comment

by:kneH
ID: 13554422
Port 80 is htp
port 113 is pop3 If I am not mistaken.

Everyone has those open

That's no problem by itself
If you stealth em and people still know you are online... they have a 99% probability of being sure you have them ports open.
0
 
LVL 3

Expert Comment

by:jltari
ID: 13554844
>>Everyone has those open
NOOO!!

Every Web or mail server has these open, not client computers!
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 13554862
Typically, firewalls allow all outbound ports to all destination ports. Port 80 or http is a destination, and the source ports have been explained. When you go to google.com from your PC, you're establishing a connection to google.com:80 (port 80) and the firewall keeps track of the fact that you initiated the connection to google.com, so google.com can send data back to you. Established connections make firewall administration 1000 times easier, because they assume you want the data back from whom you've requested a connection.
Skype http://support.skype.com/index.php?_a=knowledgebase&_j=questiondetails&_i=148&nav2=Technical says that you do not need any listening ports to use this service...
Port 80 (http) and the like are called listening ports. http://www.skype.com/help/guides/firewall.html
-rich
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 13554890
Sorry to post again. The reason you don't have to open any ports is because you're establishing a connection to Skype's servers, and they listen for the calls, and tell your PC (over the established connection) that a call is coming in. It's the same with IM: you sign into MSN or AIM or other, to the servers they provide, and you do not need to open any ports because the IM servers will get you the data over the established connections to them.
-rich
0
 
LVL 12

Expert Comment

by:kneH
ID: 13554998
@ jltari
you're right bout 113...
soz beni_luedi for misinforming you.

But port 80 is open.

Anyways FYI I use kaspersky antihacker and every port on my puter is stealthed.
0
 
LVL 12

Expert Comment

by:kneH
ID: 13555017
and where did my T go?

Port 80 is http LOL

Sheesh... it's too warm to give proper answers.
I need to sit on a terrace with a cold Hoegaarden.
0
 
LVL 3

Expert Comment

by:jltari
ID: 13555092
If you have port 80 open, it means you have a web server running.
That's usually not the case with client computers.

I suggest we discuss this, at your terrace, you with your Hoegaarden, and I with a good Grimbergen.
:)
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 13555714
> Everyone has those open
> That's no problem by itself
NO (I'm repeating)
neither 80 nor 113 has to be open, as any other port too (except you're running a server, somehow)
kneH, read the TA title ;-)

<off-topic>
"Hoegaarden" jltari where did you get that from, are you Dutch?
nice to see this rare word (Hoagascht, Hoagarten) in other languages too :-)
</off-topic>
0
 
LVL 3

Expert Comment

by:jltari
ID: 13555788
I'm French, and this is not a word to me, it's a beer name.
I do like beer a lot :)
0
 
LVL 12

Expert Comment

by:kneH
ID: 13555848
And yeah I am Dutch.

Mais je parlez un tres petit peu Francais aussie.
(parlez! my writing is crap)
So we might even be able to have a proper convo on the terrace.

But if yall have something against Hoegaarden just pass me an Erdinger. :)


Ontopic.
I must be getting mad then cos I was sure fport showed my port 80 as open. Or was it the box at work?!

Kinell that Hoegaarden and Erdinger got me Korsakov :(
0
 
LVL 12

Expert Comment

by:kneH
ID: 13555863
>>and this is not a word to me, is a beer name

It's a way of life LOL
0
 
LVL 3

Expert Comment

by:jltari
ID: 13555900
>>Mais je parlez un tres petit peu Francais aussie
--> Mais je parle un petit peu Français aussi

:)

I've got nothing against Hoegaarden (I should have a pack at home, as a matter of fact)

If you see port 80 open somewhere, you've got a web server running, or some kind of service that wants to look like it.
Some Windows versions have IIS installed and running almost by default, so that might be it.
0
 
LVL 12

Expert Comment

by:kneH
ID: 13556017
I can bloody talk it some... I write it like Forrest Gump would.

As for the c with the curl at the bottom... I just couldn't be arsed to look up the alt code for that one... And I reckoned being lazy was part of the French culture so I should fit right in LOL ;)


And come to think of it it prolly WAS the box at work... running the webserver indeed. Guess I was already stealing office supplies in my head LOL.

As for the author... I'd reply quickly before we hijack your thread completely ;)
0
 
LVL 3

Expert Comment

by:jltari
ID: 13556054
>> I reckoned being lazy was part of the French culture...
Might be. That's why we put the "ç" right on our keyboard :)
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 13556180
Erdinger, c'est la brasserie je voir directement par ma fenêtre ;-)
santé
0
 
LVL 12

Expert Comment

by:kneH
ID: 13556233
OMG what have I done...

I hereby apologize for releasing the French fury onto EE ;)
0
 

Author Comment

by:beni_luedi
ID: 13561841
Let's repeat this ...

An average client computer like mine should never get any kind of data from the internet "just like that". I don't have a server. Therefore nobody tries to connect, except hackers.

When I go on the internet, then I connect with a server on port 80 and then as long as I am surfing my port 80 is open to get data from the internet that I requested. So the "google.com" server or any other can send data over my  port 80.

This is the same with other applications. When they are not running then they don't open ports and everything is secure. But when I use them, for example internet telephone, messenger services, ftp, ... then a specific port will be opened and data transfer both ways is possible on one specific port.

But now I send a request to the "google.com" server and then a hacker decides to use port 80 while I am surfing the internet. Can he access my computer over the open port 80? Or only the servers I connect to?

Am I on the right track? Or did I make a mistake?

BL
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 13562720
>  Therefore nobody tries to connect,
well, not exactly true. I'd rephrase it like: all my ports are closed, so nobody can connect
Sorry for being pedantic ;-)

> ..  as long as I am surfing my port 80 is open to get data from the internet that I requested.
you still did not understand.
port 80 on your computer does not count. Simply forget it, it's closed (hopefully).
Your outbound connection is a port >1024, just the remote server's port might be 80
  your-computer:4242<------->80:remote-server

> So the "google.com" server or any other can send data over my  port 80.
no (except you have a server listening, but I doubt that google will connect it:-)

> ..  then they don't open ports and everything is secure.
hmm, could be pedantic then no, but i.g. we can say yes now: if there is no application running (including your OS) then you're secure

> Can he access my computer over the open port 80?
no, not this way, see explanations above

> Or did I make a mistake?
you made mistakes, sorry.
Hope that you get more used to it now. Feel free to ask, we help ..
0
 
LVL 3

Expert Comment

by:jltari
ID: 13562831
That's right. Another way to say it :
For 2 computers to connect, you need 2 open doors. One to get out (>=1024), the other to get in (80 for google.com).
When you surf on google.com, you open an outbound connection from, let's say,  port 1028, to connect to a distant port 80 (inbound, looked from google's point of view. Their port 80 must be open). Then google sends data back to your port 1028. This data is not considered as inbound for you because you've requested it. That's how a stateful firewall works.

So, basically : Close and stealth all the ports you want on your local computer, you'll be that much safer. Let some programs initiate outbound connections (browsers, mail software, Skype, etc.) , and do not let any receive any inbound.
0
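Added example, not part of any post in this thread: a loopback-only Python sketch of the point made above, that the client talks from an ephemeral source port to the server's listening port, and that a port with no listener answers "closed" rather than "open". The function names are hypothetical, and an OS-chosen port stands in for the remote port 80 because binding port 80 needs elevated rights.

```python
import socket

def classify_port(host, port, timeout=1.0):
    """'open' = accepted, 'closed' = actively refused, 'stealth' = no answer."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:   # the host answered with a reset
        return "closed"
    except socket.timeout:           # packets silently dropped by a firewall
        return "stealth"
    finally:
        s.close()

def unused_port():
    """Bind to port 0 so the OS picks a free port, then release it."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port

def demo_connection():
    """Loopback stand-in for 'my PC -> web server'."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind(("127.0.0.1", 0))    # OS-chosen port plays the role of remote port 80
    server.listen(1)
    server_port = server.getsockname()[1]
    client = socket.create_connection(("127.0.0.1", server_port))
    conn, peer = server.accept()
    client_port = client.getsockname()[1]   # ephemeral source port
    conn.sendall(b"reply")           # the answer goes back to client_port
    reply = client.recv(16)
    for s in (conn, client, server):
        s.close()
    return {"server_port": server_port, "client_port": client_port,
            "peer_port_seen_by_server": peer[1], "reply": reply}

if __name__ == "__main__":
    info = demo_connection()
    print(info)
    print("port nobody listens on:", classify_port("127.0.0.1", unused_port()))
```

On loopback no firewall drops packets, so only "open" and "closed" appear; a probe from outside against a stealthed port would end in the timeout branch instead.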
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 13564439
My-PC:1025 (or above) Google.com:80
This is what I was saying about established connections. Your firewall allows all ports OUT, but should allow no ports IN, EXCEPT if you've initiated the connection from inside.
Do a (in a cmd window)
netstat -a

Go to GRC.com and look at the shields up test to see what ports you have open. If it's none, then you're all set.
-rich
0
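Added example, not part of the thread: a small Python parser for the netstat listing suggested above, separating sockets that are LISTENING (what an outside test could report as open) from ESTABLISHED outbound connections. The sample text is constructed, uses the numeric `netstat -an` form with documentation addresses, and the function names are hypothetical.

```python
# Constructed sample in the numeric form printed by `netstat -an` on Windows.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1030         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1028      203.0.113.10:80        ESTABLISHED
  TCP    192.168.1.10:1041      203.0.113.25:443       ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

def parse_netstat(text):
    """Return (listening, established) lists from TCP rows of the listing."""
    listening, established = [], []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "TCP":
            continue                      # headers, blank lines, UDP rows
        local_addr, local_port = fields[1].rsplit(":", 1)
        remote_addr, remote_port = fields[2].rsplit(":", 1)
        if fields[3] == "LISTENING":
            listening.append((local_addr, int(local_port)))
        elif fields[3] == "ESTABLISHED":
            established.append((int(local_port), remote_addr, int(remote_port)))
    return listening, established

def exposed_ports(listening):
    """Listening ports not bound to loopback only; a firewall must cover these."""
    return sorted({port for addr, port in listening
                   if not addr.startswith("127.") and addr != "[::1]"})

if __name__ == "__main__":
    listening, established = parse_netstat(SAMPLE)
    print("listening, reachable from the network:", exposed_ports(listening))
    for local_port, remote_addr, remote_port in established:
        print(f"outbound: local port {local_port} -> {remote_addr}:{remote_port}")
```

In the sample, port 80 appears only as a foreign port of an established connection, never as a local listening port, which is the distinction the answers in this thread draw.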
