Categories: Port configuration, Tutorials

How to attack open ports and what cybercriminals might do

What does it mean for a port to be “open”?

Communications at the transport layer level, using mainly TCP and UDP protocols, make use of what is known as “Internet socket”. This socket constitutes a mechanism by which two processes (applications, for example) can exchange data through the local network or through the Internet. Any data flow that uses TCP or UDP requires at least the following information:

  • Source IP
  • Source port
  • Destination IP
  • Destination port

In a local network, ports are continuously being opened and closed, automatically and transparently, by the different processes that need to communicate with other computers. For two processes to communicate, one must be able to “locate” the other in order to obtain services from it or provide services to it.

When we say that a “port is open”, it can mean one of two quite different things:

  • An open port on a local computer, for example our own PC or a local server. In principle all ports should be closed, because the firewall is normally configured restrictively (everything blocked except what is specifically allowed).
  • An open port in the router's NAT. Normally the router has no “open” port, or rather, the “Virtual Server” or “Port Forwarding” section contains no rule pointing a port at any computer. By default this table is empty in any router, but we can register rules to open ports to different computers.

When do we need to open ports locally?

If our local computer acts as a server “of something”, for example an FTP server, web server, SSH server, VPN server or database server, we will need one or several ports open in the firewall so that other computers on the local network or the Internet can reach our services. Otherwise they will not be able to connect, because the firewall will block the communication and the connections will never be established.

Normally, in a home environment, if we set the network as “Private network” or “Home network” in Windows 10 or a Linux-based operating system, the firewall is disabled and all incoming connections are allowed. If instead we set it as a “Public network”, the firewall is activated and blocks every incoming connection that does not correspond to a connection we previously initiated outgoing; in that case we are dealing with a “restrictive” firewall.

When do we need to open ports in the router NAT?

If we have a computer on the local network that acts as a server “for something”, as in the previous case, and we want those services to be reachable from the Internet, we will need to configure “port forwarding”, also known as “opening ports”. This way, if someone opens a socket to our public IP address and the corresponding external port, that data flow will automatically be forwarded to the computer for which we have “opened the ports”.

No router has port forwarding rules by default; we have to create them explicitly. In addition, a very important detail: if your operator uses CG-NAT, opening a port on the router will not allow anyone to reach the internal resources of the local network from outside.

How do you attack a port?

You cannot really “attack” a port; what is attacked is the service behind that “port”, which is listening to accept incoming connections. For example, if port 5555 is open and an FTP server is configured on it, what is attacked is the FTP service, not the port. The port is just a “door” to the information; what is truly attacked are the services behind these ports.

The expression “attack a port” is commonly used, when what is really meant is “do a port scan”: check which ports are open on a certain computer so as to later attack the services behind those ports. There are many ways to do a port scan, but without a doubt the best tool we can use is Nmap, the quintessential host discovery and port scanning program. It also allows exploitation through NSE, an add-on to Nmap that can crack different services and exploit known vulnerabilities.

Nmap is a very easy-to-use program. It is in the official repositories of every Linux distribution, so installing it takes a single command:

sudo apt install nmap

Once installed, we run the following command to see whether a port is open, filtered or closed (PUERTO is the port number and IP the address of the target):

nmap -p PUERTO IP

We can also scan a range of ports, from PUERTOINICIAL (first port) to PUERTOFINAL (last port), as follows:

nmap -p PUERTOINICIAL-PUERTOFINAL IP

For example, if we have a web server running HTTP and HTTPS, it is completely normal to find ports 80 and 443 open.

Checking open, filtered or closed ports with Nmap is simple; however, we recommend reading the complete Nmap wiki, where we have detailed step-by-step manuals of the different types of port scan available.

What can a cybercriminal do with a port that is open?

When we have an open port, what a cybercriminal can or cannot do depends on the case. If we have an open port but no service listening behind it, the attacker will not be able to do anything at all; however, the open port number could be noted down in case we put a service to listen on it in the future.

If we have an open port and there is a service listening behind it, the cybercriminal could perform many actions:

  • Use the service legitimately to check how it works.
  • If the service requires authentication, perform a dictionary or brute force attack to gain access to the service.
  • Perform a denial of service attack so that the service stops working properly and stops providing service.
  • Exploit a security vulnerability in the service, either to illegitimately access its resources, to get into the system, or even to escalate privileges and take full control of the server.

As you can see, with an open port and a service running behind it, a cybercriminal can perform many malicious actions, so it is very important to protect the services behind that port. To protect them, it is advisable to take the following actions:

  • Correctly configure the firewall to allow access only to those who really need it; for example, you can filter by country.
  • To mitigate DoS attacks, you can configure firewall rules that deny too many simultaneous connections from the same source IP.
  • You can install a program like fail2ban to detect repeated login attempts and then tell the firewall to block the source IP.
  • Harden the listening service, whether it is an SSH server, an FTP server or a web server; these services always have advanced settings to protect them further.
  • Harden the operating system hosting the service: define robust authentication policies, keep the system updated, and even use advanced systems such as SELinux, among others.

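As an added illustration of the fail2ban-style check described in the list above (this is example code written for this page, not the article's own or fail2ban's), the script below counts failed SSH logins per source address in authentication log lines and prints the firewall commands that would ban an address exceeding a threshold. The log lines are constructed samples using TEST-NET addresses, and the nftables set name "banned" is an assumption.

```shell
#!/bin/sh
# Added example (not from the original article): hand-written version of what
# fail2ban automates. Count failed SSH logins per source IP in sshd log lines
# and print, without executing, the firewall command that would ban offenders.

# Constructed sample log lines (TEST-NET addresses, no real hosts).
sample_auth_log() {
    cat <<'EOF'
Jan 10 10:00:01 srv sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Jan 10 10:00:03 srv sshd[1201]: Failed password for root from 203.0.113.5 port 51236 ssh2
Jan 10 10:00:04 srv sshd[1204]: Accepted publickey for alice from 192.0.2.10 port 40010 ssh2
Jan 10 10:00:06 srv sshd[1207]: Failed password for invalid user test from 203.0.113.5 port 51240 ssh2
Jan 10 10:00:07 srv sshd[1209]: Failed password for bob from 198.51.100.7 port 39001 ssh2
Jan 10 10:00:09 srv sshd[1211]: Failed password for invalid user oracle from 203.0.113.5 port 51244 ssh2
Jan 10 10:00:11 srv sshd[1213]: Failed password for invalid user pi from 203.0.113.5 port 51250 ssh2
Jan 10 10:00:12 srv sshd[1215]: Invalid user guest from 198.51.100.7 port 39004
EOF
}

# failures_by_ip: print "<count> <ip>" for every source address with failed
# logins, most failures first. Only sshd failure messages are counted; the
# successful "Accepted publickey" line is ignored.
failures_by_ip() {
    sample_auth_log | awk '
        /sshd\[[0-9]+\]: (Failed password for|Invalid user) / {
            # the source address is the word right after "from"
            for (i = 1; i <= NF; i++) if ($i == "from") { fails[$(i+1)]++; break }
        }
        END { for (ip in fails) print fails[ip], ip }' | sort -rn
}

# offenders THRESHOLD: addresses with at least THRESHOLD failures.
offenders() {
    failures_by_ip | awk -v t="$1" '$1 >= t { print $2 }'
}

# ban_commands THRESHOLD: the commands fail2ban would hand to the firewall.
# They are printed, not run; the nftables set "inet filter banned" is an
# assumption and would have to exist with a drop rule referencing it.
ban_commands() {
    offenders "$1" | while read -r ip; do
        printf 'nft add element inet filter banned { %s }\n' "$ip"
    done
}

# Demonstration: ban after 5 failures. Only 203.0.113.5 reaches the threshold.
offenders 5
ban_commands 5
```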
There are many security measures we can apply to make a system and its services more secure, but bear in mind that 100% security does not exist; therefore, you must be prepared for an incident and be able to recover the system.


How to protect TCP and UDP ports and why some are dangerous

What are TCP and UDP ports?

TCP and UDP are the transport layer protocols used for end-to-end communication between two hosts; the ports are part of the TCP segment or UDP datagram and allow the communication to be established correctly. We could say that “ports” are something like the “doors” to a certain service, regardless of whether we use TCP or UDP, since both protocols make use of ports. The ports themselves are not dangerous: a port is a port, and it makes no difference whether a service uses port 22 or port 50505. What matters is the use given to the port; the dangerous thing is to have a port open to an unprotected application layer service, because anyone could connect to that service and exploit vulnerabilities or hack us directly. Of course, if we expose a port to the Internet, we should always control the traffic with an IDS / IPS to detect possible attacks, and keep the program listening on that port updated.

Both TCP and UDP give us a total of 65535 ports, and they are classified according to the port number. Some ports are commonly called “well-known” and are reserved for specific applications, although many other ports are commonly used by different software to communicate on the local network or through the Internet. We also have registered ports and ephemeral ports.

Known ports

Well-known ports, ranging from port 0 to 1023, are registered and assigned by the Internet Assigned Numbers Authority (IANA). This list includes, for example, port 20 for FTP-Data, port 21 for FTP-Control, port 22 for SSH, port 23 for Telnet, ports 80 and 443 for the web (HTTP and HTTPS respectively), and the mail ports, among many other application layer protocols.

Registered ports

Registered ports range from port 1024 to port 49151. The main difference is that organizations can ask the IANA to be granted a certain port by default, which is then assigned for use with a specific application. These registered ports are reserved, and no other organization can register them again; however, they are in practice “semi-reserved”, because if the organization stops using a port, it can be reused by another company. A clear example of a registered port is 3389, used for Remote Desktop (RDP) connections in Windows.

Ephemeral ports

These ports range from 49152 to 65535. This range is used by client programs, and the ports are constantly being reused. They are typically used when a device transmits to a well-known or registered port on another device, as in passive FTP or web browsing. For example, when we visit a website the destination port will always be 80 or 443, but the source port (so that the data knows how to get back) is an ephemeral port.

What ports should I especially protect?

All ports used to establish remote communications, whether for file sharing, remote control via console, remote desktop applications, email or other services susceptible to attack, must be protected adequately. Below is a list of (TCP) ports that you should especially protect, and close whenever you are not going to use them, because in the future they may come into use and we may have forgotten to protect them properly.

  • Port 21: used by the FTP file transfer protocol.
  • Port 22: used by the SSH protocol to manage computers remotely.
  • Port 23: used by the Telnet protocol to manage computers remotely (insecure).
  • Ports 80, 8080, 8088, 8888 and 443: all web-oriented ports should be closed if we do not have a web server; if we do, we should monitor it properly to mitigate possible web attacks such as SQL injection, XSS and others.
  • Port 4444: this port is usually used by Trojans and malware in general; it is advisable to always keep it blocked.
  • Ports 6660-6669: used by the popular IRC; if we do not use it, we do not open them.
  • Port 161 UDP: used by the SNMP protocol to view the configuration of and manage different equipment such as routers, switches and servers. It is advisable to close it if you are not going to use it.
  • Port 53 UDP: the port used by the DNS protocol; it can be used to exfiltrate information inside the DNS requests themselves.

Of course, the ports we have explained are only the most basic ones; we must always follow the policy of blocking everything except what is in use, so that we never forget to close any port. If we block everything (except what is in use and allowed), we will have a highly protected system, since an open port is the first step of an intrusion.

How should I protect the ports properly?

By default all ports should be closed, unless you are using a certain service and have to open its port. It is very important to expose the smallest possible number of local services, since the attack surface will be smaller. Firewalls allow us to close all ports automatically and open only the ones we need.

It is essential that the software that opens a TCP or UDP socket is up to date: it is of little use to have every port closed except one if the service running on that port is outdated and has security flaws. That is why updating all software is so important, and it is recommended to always use software that is still maintained, so that it keeps receiving updates.

If authentication is required to access a certain service, the credentials must be strong; if possible, use digital certificates or SSH keys (if you are going to authenticate to an SSH server). As an example, it is always recommended to close Telnet port 23, because it is an insecure protocol and it is better not to use it under any circumstances.

It is highly recommended to monitor which TCP and UDP ports are in use, in order to detect possible intrusions or infections by Trojans. Any strange traffic, or any port that is open when it should not be, must be investigated. It is also very important to know how a certain service (listening on a certain port) behaves under normal use, in order to identify unusual behaviour.

Finally, besides using firewalls to close every port we do not use, it is highly recommended to use an IDS / IPS to detect strange behaviour at the network level, and it is even advisable to install an IDS on our own PC so that it detects any anomaly.


Scan ports with Nmap – List of Nmap commands

Main features

Nmap is a completely free and open source utility that allows us to discover networks and hosts and to perform security audits. It runs on Linux, Windows and macOS, and on all of them it is used from the command line, although we can also install Zenmap, Nmap's graphical utility, to do port scans through a graphical user interface. If you do not want to fight with commands in the console, this graphical interface can be useful for your first steps with this great program; however, once you have more experience you will surely run all the commands directly from the terminal.

Nmap allows us to detect hosts on a local network and also across the Internet, so we can find out whether these hosts (computers, servers, routers, switches, IoT devices) are currently connected to the Internet or the local network. The tool also lets us perform a port scan against the different hosts and see which services are active on them, since it reports the state of their ports; we can find out which operating system a certain computer is using, and we can even automate different pentesting tests to check the security of the equipment.

Nmap offers different types of port scan, using TCP segments, UDP datagrams or ICMP packets, and it can also scan in a stealthy way so that the scan is difficult for firewalls to detect. We can scan specific ports, port ranges and IP address ranges, and use TCP NULL, FIN, Xmas and ACK packets in addition to SYN to locate open TCP ports.

Other features this tool offers are the ability to build a complete network inventory, and to check whether a certain host or service is still up and running. The program was designed to scan a large number of hosts, so scanning multiple targets is no problem. It is very flexible and incorporates dozens of advanced techniques to scan hosts and ports; in addition, it allows audits through NSE (Nmap Search Engine), so it is really powerful.

Nmap has various states on the ports that will appear when we do a port scan. It is essential to know what each state of Nmap means, because with any port scan, it will return different states.

Port status with Nmap

  • Open: an application is actively accepting TCP or UDP connections. The port is open and usable, and a pentester will be able to use it to try to exploit the system. It is the default state when no firewall is blocking access.
  • Closed: a closed port is reachable, because it responds to Nmap, but no application is listening on it. It is useful for discovering that a host is up, or as part of operating system detection. For the system administrator, it is recommended to filter these ports with the firewall so that they are not reachable. From the pentester's point of view, it is worth noting these “closed” ports to analyze later, in case a new service is put on them.
  • Filtered: in this state Nmap cannot determine whether the port is open, because a firewall is filtering Nmap's packets on that port. Filtered ports are the ones that appear when a firewall is active. Nmap retries its probes repeatedly, which makes the scan of these ports quite slow.
  • Open | Filtered: Nmap does not know whether the port is open or filtered. This occurs in scan types where an open port sends no response, and the lack of response could also be caused by a firewall. This state appears in UDP and IP protocol scans, and in FIN, NULL and Xmas scans.
  • Closed | Filtered: in this state it is not known whether the port is closed or filtered. This state is only used in the idle scan.

Once we have seen the main features of Nmap, and the status of the ports that we have available, we are going to install and use it.

Download and install Nmap on any system

The first thing we have to do to use this powerful program is download and install it. In the Nmap download section you can find all the links, binaries and source code for installation on Windows, Linux and macOS. The program is currently available in the repositories of every Linux-based operating system, so installing it is really simple. We installed it on Ubuntu, but by simply running your operating system's installation command followed by “nmap” you will install the program without difficulty.

sudo apt install nmap

Once installed we can use it from a terminal, either on Windows, Linux or macOS. In all the examples that we will give you below, we have used the Ubuntu operating system, but we have the same commands available for Windows and macOS, without any changes.

Nmap usage examples

Quick port scan

To perform a quick port scan of a specific host, we type the following command:

nmap [ip]

For example, to perform a quick scan of the main ports of a host with IP address 192.168.1.2, the command would be:

nmap 192.168.1.2

The program will return the ports that are open on the target computer.


Scan a range of ports

Instead of scanning all ports, we can set a range of ports to check. To do so we run:

nmap -p [rango] [ip]

If we want to perform a port scan from TCP 20 to TCP 200 on the IP address 192.168.1.2, just execute the following command:

nmap -p 20-200 192.168.1.2

The program will indicate within that range which ports are open.


Detect operating system and more host data

We can tell Nmap to detect the operating system. It does this by sending packets and analyzing how the host responds to them, which differs from one system to another. Along with this, it will perform a port and service scan and run the default scripts, and the scan will return other useful information. For this we run:

nmap -A -v [ip]

If we want to perform this scan to the IP address 192.168.1.2 we can execute the following command:

nmap -A -v 192.168.1.2
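As an added example tying together the port states explained above and the scans just shown (example code written for this page, not part of the original article), the script below parses Nmap's grepable output, which is what `nmap -oG - 192.168.1.2` prints, reports how many ports of each host are open, filtered or open|filtered, and then compares the open ports against an allow list of expected services, so that anything exposed unintentionally stands out. The scan output is a hand-constructed sample, not a real scan.

```shell
#!/bin/sh
# Added example (not from the original article): parse Nmap "grepable" (-oG)
# output and report, per host, the ports in each state the article describes
# (open, closed, filtered, open|filtered), then flag open ports that are not
# on an administrator-supplied allow list.

# Constructed sample of -oG output for two hosts (hand-written, not a real scan).
# Each Ports: entry has the form port/state/proto/owner/service/rpc info/version.
sample_og() {
    printf '# Nmap scan report (constructed sample)\n'
    printf 'Host: 192.168.1.2 ()\tStatus: Up\n'
    printf 'Host: 192.168.1.2 ()\tPorts: 22/open/tcp//ssh///, 23/closed/tcp//telnet///, 80/open/tcp//http///, 443/open/tcp//https///, 3389/filtered/tcp//ms-wbt-server///, 161/open|filtered/udp//snmp///\tIgnored State: closed (994)\n'
    printf 'Host: 192.168.1.3 ()\tStatus: Up\n'
    printf 'Host: 192.168.1.3 ()\tPorts: 22/filtered/tcp//ssh///\tIgnored State: filtered (999)\n'
}

# ports_in_state HOST STATE: print "port/proto" for every port of HOST in STATE.
ports_in_state() {
    sample_og | awk -v host="$1" -v state="$2" -F'\t' '
        {
            split($1, h, " ")               # $1 looks like "Host: 192.168.1.2 ()"
            if (h[1] != "Host:" || h[2] != host) next
            for (i = 2; i <= NF; i++) {
                if ($i !~ /^Ports: /) continue
                sub(/^Ports: /, "", $i)
                n = split($i, entry, /, /)
                for (j = 1; j <= n; j++) {
                    split(entry[j], f, "/")   # f[1]=port f[2]=state f[3]=proto
                    if (f[2] == state) printf "%s/%s\n", f[1], f[3]
                }
            }
        }'
}

# count_state HOST STATE: number of ports of HOST in STATE.
count_state() {
    ports_in_state "$1" "$2" | wc -l | tr -d ' '
}

# unexpected_open HOST "port/proto port/proto ...": open ports that are not on
# the allow list, i.e. services the administrator did not expect to be exposed.
unexpected_open() {
    allowed=" $2 "
    ports_in_state "$1" open | while read -r p; do
        case "$allowed" in
            *" $p "*) ;;                      # expected service, nothing to report
            *) printf '%s\n' "$p" ;;          # not on the allow list
        esac
    done
}

# Demonstration: summarize both hosts, expecting only SSH and HTTPS on 192.168.1.2.
for host in 192.168.1.2 192.168.1.3; do
    printf '%s: %s open, %s filtered, %s open|filtered\n' "$host" \
        "$(count_state "$host" open)" "$(count_state "$host" filtered)" \
        "$(count_state "$host" 'open|filtered')"
done
printf 'Open but not expected on 192.168.1.2: %s\n' \
    "$(unexpected_open 192.168.1.2 '22/tcp 443/tcp')"
```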


List of all commands

This program is really complete. So far we have used the basic commands to discover hosts and see whether they have open ports, but it does not end there: there is a long list of commands to get the most out of this tool.

Select targets

IP addresses or ranges, host names, networks, etc.

  • Examples: scanme.nmap.org, microsoft.com/24, 192.168.0.1, 10.0.0-255.1-254
  • -iL file: read the list of targets from file
  • -iR n: choose n targets at random (0 means never end)
  • --exclude / --excludefile file: exclude systems (given on the command line or listed in file)

Discover systems

  • -PS n: TCP SYN ping
  • -PA n: TCP ACK ping
  • -PU n: UDP ping
  • -PM: ICMP netmask request
  • -PP: ICMP timestamp request
  • -PE: ICMP echo request
  • -sL: list scan
  • -PO: IP protocol ping
  • -PN (now written -Pn): do not ping
  • -n: do not resolve DNS
  • -R: resolve DNS for all target systems
  • --traceroute: trace the route to each system (for network topologies)
  • -sP: ping scan, equivalent to -PP -PM -PS443 -PA80

Port analysis techniques

  • -sS: TCP SYN scan
  • -sT: TCP connect scan
  • -sU: UDP scan
  • -sY: SCTP INIT scan
  • -sZ: SCTP COOKIE ECHO scan
  • -sO: IP protocol scan
  • -sW: TCP window scan
  • -sN, -sF, -sX: NULL, FIN and Xmas scans
  • -sA: TCP ACK scan

Ports to analyze and order of analysis

  • -p n-m: port range
  • -p-: all ports
  • -p n,m,z: the specified ports
  • -p U:n-m,z T:n,m: U for UDP ports, T for TCP ports
  • -F: fast scan of the 100 most common ports
  • --top-ports n: scan the n most used ports
  • -r: scan ports in sequential order, not randomly

Duration and execution:

  • -T0: paranoid
  • -T1: sneaky
  • -T2: polite
  • -T3: normal
  • -T4: aggressive
  • -T5: insane
  • --min-hostgroup / --max-hostgroup
  • --min-rate / --max-rate
  • --min-parallelism / --max-parallelism
  • --min-rtt-timeout / --max-rtt-timeout / --initial-rtt-timeout
  • --max-retries
  • --host-timeout / --scan-delay

Service and version detection

  • -sV: service version detection
  • --all-ports: do not exclude any port from version detection
  • --version-all: try every probe
  • --version-trace: trace version detection activity
  • -O: enable operating system detection
  • --fuzzy: guess the operating system when detection is not conclusive
  • --max-os-tries: set the maximum number of OS detection attempts against a target

Firewall / IDS Evasion

  • -f: fragment packets
  • -D d1,d2: cloak the scan with decoys
  • -S ip: spoof the source address
  • -g port: spoof the source port
  • --randomize-hosts: randomize target order
  • --spoof-mac mac: change the source MAC address

Level of Detail and Debugging Parameters

  • -v: increase the level of detail
  • --reason: show the reason for each host and port state
  • -d (1-9): set the debugging level
  • --packet-trace: trace packets sent and received

Other options

  • --resume file: continue an aborted scan (from output saved with -oN or -oG)
  • -6: enable IPv6 scanning
  • -A: aggressive, equivalent to -O -sV -sC --traceroute

Interactive options

  • v / V: increase / decrease the level of detail
  • d / D: increase / decrease the debugging level
  • p / P: enable / disable packet tracing

Scripts

  • -sC: scan with the default scripts
  • --script file: run a script (or all scripts)
  • --script-args n=v: provide script arguments
  • --script-trace: show incoming and outgoing script communication

Output formats

  • -oN: save in normal format
  • -oX: save in XML format
  • -oG: save in grepable format, for later use with grep
  • -oA: save in all the previous formats

These are the main commands available in Nmap. Before finishing, we must say that Nmap has a multitude of options for performing complete network analysis. We can see all the available options by typing:

nmap --help


Nmap is undoubtedly a very simple and complete tool for network audits, but it does not end there: we also have Nmap NSE available for advanced pentesting.

Nmap NSE: what it is and what it is for

Nmap Search Engine, also known as Nmap NSE, is a large database of thousands of scripts that allow us to automate the pentesting of systems and networks. These scripts automate many actions, such as brute force attacks against Samba, FTP and SSH servers, checking whether a web server has a known vulnerability, and much more.

For example, to run a brute force attack against the SSH server of a computer with IP 99.99.99.99, based on a list of users (in a file called usuarios.txt) and a list of passwords to try (in a file called claves.txt), we can run the following command:

nmap -p 22 --script ssh-brute --script-args userdb=usuarios.txt,passdb=claves.txt,ssh-brute.timeout=4s 99.99.99.99

We recommend visiting the official NSE usage website, where you will find all the scripts currently in this large database, together with examples of how to use them.


Zenmap, Nmap’s graphical interface for port scanning


Zenmap is a free tool that we can use to scan ports. It lets us know which ports we have open, to avoid problems when using certain programs or accessing a server. It is the graphical interface of the popular open source program Nmap, which allows a complete port scan of any connected device.

It should be noted that this tool, which is completely free, is available for different operating systems such as Microsoft Windows, Linux, or macOS. It allows users to run different types of port scans. It is ideal for less experienced users as well as for more advanced users.

To start using Zenmap, the first thing we have to do is download it, which we can do from Nmap's official website. There we will find the different versions, depending on the operating system we are using. The installation process is simple, fast and intuitive; in a few seconds we will have it ready to use.

Once installed, we simply run it and we will see a window like the one above. We can choose a thorough port scan, a fast scan, TCP ports, UDP ports, etc.

How to check the open ports of any computer

With Zenmap we can see which ports are open on any device. In the Target field we enter the IP address of that device, and then run the scan to show which ports are open.

Therefore, the first thing we have to do is find out the IP address of our computer. In Windows this is very simple: go to Start, run the Command Prompt and type ipconfig. It will show a series of information, including the default gateway (generally 192.168.1.1) and the IP address of that computer.

Once we know the address, we enter it in the Target field in Zenmap. Then we choose the type of scan we want to perform, such as a complete scan of all TCP ports.

TCP port scan

In Zenmap, at the top, we will find different tabs: Nmap Output, Ports / Hosts, Topology, Host Details and Scans. All of them provide information, and on the left side we can also choose the host or service to look at.

When we click on Ports / Hosts, a list of all the open and filtered ports on that host appears. Keep in mind that more or fewer ports will appear depending on the type of scan we have performed.


If we click on Scans, all the scans we have performed appear. We can save them to analyze the data later, or delete them so that they no longer appear there.

We can do the same with any other device connected to the network; for example, we can also check the open ports of our mobile phone by scanning it. We only need to know its IP address. Of course, bear in mind that the process may take more or less time depending on the type of device.

In short, Zenmap is an interesting program for port scanning. We can use it on Windows, the most widely used desktop operating system, as well as on Linux and macOS. Its use is simple and intuitive, and it gives us greater control over which ports we have open, especially when we need to know whether a computer will work correctly with an application that requires certain open ports.

It is, therefore, an alternative to Nmap port scanning through a graphical interface, easier to use for both less experienced and more advanced users.


How to open (or close) a port to an application in Windows Firewall

Many of the professional security suites available on the Internet, such as ESET, Kaspersky or Bitdefender, among many others, include a complete firewall that works together with the antivirus to protect the user. However, Windows has also had its own firewall since Windows XP, an essential security tool that lets us choose how applications connect to the Internet. This firewall has gained great popularity since the arrival of Windows 10, as it works seamlessly with Windows Defender, Microsoft's free antivirus included as standard in Windows 10, which in a short time has become one of the best (if not the best) that we can trust.

Usually the Windows firewall does not give us problems and knows well which applications to allow and which to block. However, if we want our network to work perfectly and be as secure as possible, we can configure its behaviour, especially to choose the ports through which we want applications to connect to the Internet, preventing them from communicating through any others.

Next, we explain step by step how to configure the Windows 10 firewall so that a download application (such as Transmission or uTorrent) or an online game (such as Call of Duty or Fortnite) can connect to the Internet through the ports it uses.

Before continuing, we recommend using the following open ports test to check that the ports are open on our router, since if they are closed there, opening them in the Windows firewall is of little use. If they are closed, we should start by opening them on the router before going into the firewall configuration on the PC.

How to open the ports in the firewall of Windows 10 (or any previous version)

To open ports in this firewall, the first thing we do is enter its main configuration. To do so, we type “windows firewall” in Cortana on Windows 10 (or reach it from the Control Panel on an earlier version of Windows) and we will see the status summary window of the firewall.

We click on the “Advanced settings” option in the menu on the left to get to the advanced security options.

In the new advanced security configuration window we see three columns: on the left a summary of the types of rules we can have, in the centre the rules already created, and on the right the actions we can take on those rules.


On the one hand we have the outbound rules, which define how applications can connect to the outside, and on the other the inbound rules, which define from where applications can receive connections from outside. For maximum security, the ideal would be to create two rules, one inbound and one outbound, and block all traffic not defined in them. We start by creating an inbound rule: we select this category on the left and create a new rule.

In the first window that appears we select the “Custom” option, so that we can create a specific rule per application and port.


We continue with the wizard, and the next step is to choose the path of the program for which we want to define Internet access. In our case, for example, we are going to use a Steam game.


In the next step we will choose the ports through which the selected application can receive Internet traffic. For this we will choose the type of port (the most common will be TCP and UDP), as well as the remote port and the local port to which we want to give access. Except in specific configurations or if we have port forwarding in our router, the local and remote ports will be the same.

Windows Firewall - Open Ports 5 Tutorial

In the next step we can choose the IP addresses, local and remote, to which the application can connect. If we know the IP of the server we can enter it here so that only that IP can connect with the application. This is already quite restrictive, so, except in specific cases, we can let any IP send traffic so as not to run into problems.

Windows Firewall - Open Ports 6 Tutorial

In the next point we are going to choose if we want this rule to be to allow traffic or to deny that specific traffic, allowing the rest. In our case, it is to allow said traffic, so we choose this option and continue.

Windows Firewall - Open ports 7 tutorial

The next two steps are very simple. All we have to do is specify whether we want the rule to apply to public or private networks or within a domain (we will leave the 3 boxes checked) and give the rule a name that identifies it.

With this we have the inbound rule (the traffic from outside that can reach the application) created. Since the application itself must also connect to the outside, in the next step we will create an outbound rule. We select the “outbound rules” section and follow the same steps as in the previous point, but this time taking into account the outbound ports and IPs, that is, the ports through which the application can go out to the Internet.

Once the two rules have been created and saved, we can start using our application or game to see how it can connect to the Internet without problems based on the rules that we have created.

If we experience some kind of connection problem with the application (or others) and suspect that it may be due to a compatibility problem with the rules we have just created, from the list of Windows Firewall rules we can disable the rule from the options that appear when we right-click on it, to check whether the problem is really caused by the rule, in which case we will probably need to refine the ports it covers.

Other easier ways to create rules in Windows Firewall

Although it works well, Windows Firewall is not exactly one of the most intuitive and simple programs of the operating system, it is a rather complex security tool that can even be scary to some users without much knowledge.

Luckily, some developers have created different applications that allow us to easily configure the Windows firewall itself, much more intuitive applications from which to create and manage the rules we want.

Two of these applications are Windows Firewall Control (bought a few months ago by Malwarebytes) and Simplewall, an open source application that allows us to configure rules in the Windows firewall as quickly and easily as possible.

How to configure port forwarding in Windows

Configure port forwarding in Windows

It is possible that a certain application, or for example a game, asks us at some point for something called port forwarding. Without that port forwarding there could be no connection between the application or game and the incoming traffic from the Internet, and we could not make use of certain functions that the software has.

We can solve this problem by configuring port forwarding in Windows 10. It is a simple process; we simply have to carry out the series of steps we are going to explain.

The first thing we have to do is press the Windows key and type firewall to open Windows Defender Firewall. Once here we must click on Inbound Rules, which is the second option that appears. Port forwarding generally refers to incoming traffic, hence we have to access that section.

A list of applications should appear, longer or shorter depending on how long we have been using the computer and therefore how many tools we have used. Games and applications that have Internet access may appear. This entire list is the inbound rules: everything that appears here has permission to send data to our computer.

We can right-click on any of the rules, for example an application, and then click Properties. Inside the Protocols and ports tab, the protocol will generally be UDP or TCP. We will also see the local port, which is where the connection is allowed. However, the one that interests us the most is the remote port. This is the port that the client (that game, application or service) is using to connect.

Entry rules

By default, as we can see in the image below, no specific remote port is set, which is why it says “All ports”.

What we have to do is create new port rules. We click on “New rule” in the right panel, then in the new window we click on Port. We choose if the connection will use a TCP or UDP protocol (the application that asks us to forward the port must specify the protocol), then we choose the ports that we want to open.

Create new port

We can allow “All local ports” or specify which ones we want to open. We can also specify a single port or open a wider range. We click Next and then Allow the connection. We have to choose whether the rule should apply in the domain, private home network or public network location, and we give the rule a name.

When we have created this rule, it will join all those that were already present. We can modify it, make it apply only to certain programs or services, etc.

Ultimately, by following these steps that we have mentioned, we can forward ports in Windows 10 in case an application or service asks us to do so. As we can see, it is a simple and fast process and that we can do through the configuration of the operating system itself without having to install anything additional.
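Both firewall procedures above, the program-and-port rule of the Windows 10 section and the port rule of this one, can also be created from PowerShell with the NetSecurity cmdlets. The following is an added example, not code from the original articles: the program path, rule names, port numbers and the 203.0.113.10 server address are assumptions chosen for illustration.

```powershell
# Added example (not from the original articles). Run from an elevated PowerShell prompt.
# Program path and port numbers are assumed values; replace them with the application's own.
$Program  = 'C:\Program Files (x86)\Steam\steamapps\common\ExampleGame\game.exe'  # assumed path
$TcpPorts = 27015, 27036        # assumed TCP ports documented by the game
$UdpPorts = '27000-27100'       # assumed UDP range
$RuleName = 'ExampleGame'

# Inbound rules: only this executable may receive traffic, and only on these ports.
# Scoping by program AND port is tighter than either condition on its own.
# Without -Profile the rule applies to Domain, Private and Public (the "3 boxes checked").
New-NetFirewallRule -DisplayName "$RuleName (in TCP)" -Direction Inbound -Action Allow `
    -Program $Program -Protocol TCP -LocalPort $TcpPorts
New-NetFirewallRule -DisplayName "$RuleName (in UDP)" -Direction Inbound -Action Allow `
    -Program $Program -Protocol UDP -LocalPort $UdpPorts

# Outbound rules: the same executable may initiate connections to those remote ports.
New-NetFirewallRule -DisplayName "$RuleName (out TCP)" -Direction Outbound -Action Allow `
    -Program $Program -Protocol TCP -RemotePort $TcpPorts
New-NetFirewallRule -DisplayName "$RuleName (out UDP)" -Direction Outbound -Action Allow `
    -Program $Program -Protocol UDP -RemotePort $UdpPorts

# Optional: the wizard's "remote IP" step. Restrict the inbound TCP rule to one known
# server; 203.0.113.10 is a documentation address used here as a placeholder.
Set-NetFirewallRule -DisplayName "$RuleName (in TCP)" -RemoteAddress 203.0.113.10

# Port-only rule (the "Port" rule type of the port-forwarding section): any program may
# receive on TCP 8080, private profile only. Prefer the program-scoped form when possible.
New-NetFirewallRule -DisplayName 'Allow TCP 8080 (any program)' -Direction Inbound `
    -Action Allow -Protocol TCP -LocalPort 8080 -Profile Private

# Verify what was created: direction, action, and the port/program filters attached.
Get-NetFirewallRule -DisplayName "$RuleName*", 'Allow TCP 8080 (any program)' | ForEach-Object {
    $ports = $_ | Get-NetFirewallPortFilter
    $app   = $_ | Get-NetFirewallApplicationFilter
    [pscustomobject]@{
        Rule       = $_.DisplayName
        Direction  = $_.Direction
        Action     = $_.Action
        Enabled    = $_.Enabled
        Protocol   = $ports.Protocol
        LocalPort  = ($ports.LocalPort -join ',')
        RemotePort = ($ports.RemotePort -join ',')
        Program    = $app.Program
    }
} | Format-Table -AutoSize

# Troubleshooting step from the article: disable (do not delete) a rule to test whether
# it is the cause of a connectivity problem, then re-enable it.
Disable-NetFirewallRule -DisplayName "$RuleName (in TCP)"
Enable-NetFirewallRule  -DisplayName "$RuleName (in TCP)"
```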

On the other hand, we want to remember the importance of having security tools. A good antivirus and firewall can prevent the entry of threats. In this sense, we have the possibility of making use of Windows Defender, which is available in Microsoft’s operating system for free.

How to perform a port scan in Windows with TCPing

What is TCPing?

TCPing is a tool that runs from the console and works in a very similar way to the typical “ping”, but instead of using the ICMP protocol with echo-request and echo-reply, it uses the TCP protocol and is capable of showing us whether a certain port of a computer is open or, on the contrary, closed.

TCPing is also capable of using the “-h” option, what this option does is connect to a specific host using the HTTP protocol. With this option, in addition to telling us if port 80 (by default) is open, it will be able to show us the HTTP status, such as the 200 OK status.

Download, Run, and Test the TCPing Tool

To test this tool, the first thing you have to do is download it from its official website; below you have the link to the tool with its direct download:

We have two versions available, one for 32-bit operating systems and one specifically for 64-bit operating systems.

When we download it, we open a command prompt (cmd.exe), go to the path where we have saved the tool and type its name directly to run it. If we do not pass any parameter, by default we will get the TCPing help directly, as you can see below:

In this TCPing help we have all the parameters that we can introduce, the most interesting are the following:

  • -4: uses the IPv4 protocol for the connection.
  • -6: uses the IPv6 protocol for the connection.
  • -t: TCP-pings continuously until we cancel with Control-C.
  • -n NUM: performs a specified number (NUM) of pings to a host.
  • -S: allows us to select the source IP address of the packets; this IP must be configured on the system itself.
  • -j: shows us the jitter of the connection.
  • destination: IP or domain of the host that we want to scan.
  • port: the port from 1 to 65535 that we want to scan; by default it is 80 if we do not specify anything.

In the following screenshot you can see a TCping against www.redeszone.net, using port 22 (SSH) and also port 80 of HTTP. In the first case there is no answer because the port is closed, and in the second case we do have an answer.

tcping.exe www.redeszone.net 22
tcping.exe www.redeszone.net 80

If we want to verify the jitter of the connection, we can put the “-j” option and it will show it to us in each of the “pings” it performs against the chosen host:

tcping.exe -j www.redeszone.net 80

In the introduction we explained that this tool is also capable of sending tests in HTTP mode. In this way, we can also find out the status of different web pages easily and quickly. Now we are going to run the following command to receive the HTTP status:

tcping.exe -h www.redeszone.net 80

We will get that the status is a 301, a redirect (to HTTPS), as you can see below:

Other options available are the possibility of including the target URL in the request itself with “-u” and also using the POST and HEAD methods instead of GET. TCPing has also incorporated the possibility of making connections if we are behind a proxy; the help shows the syntax that you must use for it.

We recommend accessing the TCPing page with the direct download of the tool.
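What TCPing does with “-j” and “-h” can be reproduced natively in PowerShell, which is useful on a machine where no extra tool may be downloaded. The following is an added example, not the TCPing tool or code from the article: it performs timed TCP connect probes with a jitter figure, and a single HEAD request that reports the HTTP status without following redirects, so the 301 to HTTPS mentioned above is visible. The host and ports in the calls at the bottom are the ones used in the article.

```powershell
# Added example (not the TCPing tool): a PowerShell approximation of "tcping -j host port"
# (TCP connect probes with RTT and jitter) and "tcping -h host port" (status code only).
function Test-TcpPing {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [int]$Port = 80,          # TCPing's default port is also 80
        [int]$Count = 4,          # equivalent of "-n NUM"
        [int]$TimeoutMs = 2000    # a filtered port never answers; do not wait forever
    )
    $rtts = New-Object System.Collections.Generic.List[double]
    for ($i = 1; $i -le $Count; $i++) {
        $client = New-Object System.Net.Sockets.TcpClient
        $sw = [System.Diagnostics.Stopwatch]::StartNew()
        try {
            # Asynchronous connect so the timeout can be enforced. A closed port normally
            # answers with RST at once; a dropped (filtered) one simply times out.
            $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
            if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { throw "timed out after ${TimeoutMs}ms" }
            $client.EndConnect($async)
            $sw.Stop()
            $rtts.Add($sw.Elapsed.TotalMilliseconds)
            Write-Host ("Probing {0}:{1}/tcp - Port is open - time={2:N3}ms" -f $ComputerName, $Port, $sw.Elapsed.TotalMilliseconds)
        } catch {
            Write-Host ("Probing {0}:{1}/tcp - No response ({2})" -f $ComputerName, $Port, $_.Exception.Message)
        } finally {
            $client.Close()
        }
        if ($i -lt $Count) { Start-Sleep -Seconds 1 }
    }
    # Jitter in the sense of TCPing's "-j": variation between consecutive RTTs (mean absolute difference).
    $jitter = 0.0
    if ($rtts.Count -gt 1) {
        $diffs = for ($k = 1; $k -lt $rtts.Count; $k++) { [math]::Abs($rtts[$k] - $rtts[$k - 1]) }
        $jitter = ($diffs | Measure-Object -Average).Average
    }
    $avg = if ($rtts.Count -gt 0) { ($rtts | Measure-Object -Average).Average } else { $null }
    [pscustomobject]@{ Host = $ComputerName; Port = $Port; Sent = $Count; Open = $rtts.Count; AvgMs = $avg; JitterMs = $jitter }
}

function Get-HttpStatusOnly {
    # Equivalent of "-h": one HEAD request with redirects NOT followed, so a site that
    # sends visitors to HTTPS is reported as 301 rather than as the 200 of the target page.
    param([Parameter(Mandatory)][string]$ComputerName, [int]$Port = 80, [string]$Path = '/')
    $req = [System.Net.WebRequest]::Create("http://${ComputerName}:${Port}${Path}")
    $req.Method = 'HEAD'
    $req.AllowAutoRedirect = $false
    $req.Timeout = 5000
    try {
        $resp = $req.GetResponse()
    } catch [System.Net.WebException] {
        if (-not $_.Exception.Response) { throw }   # connection-level failure: no status to report
        $resp = $_.Exception.Response                # 4xx/5xx responses still carry a status code
    }
    $result = [pscustomobject]@{ Status = [int]$resp.StatusCode; Location = $resp.Headers['Location'] }
    $resp.Close()
    $result
}

Test-TcpPing -ComputerName 'www.redeszone.net' -Port 22 -Count 2   # the article's closed-port case
Test-TcpPing -ComputerName 'www.redeszone.net' -Port 80 -Count 4   # the open-port case, with jitter
Get-HttpStatusOnly -ComputerName 'www.redeszone.net' -Port 80       # the article reports a 301 here
```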

What are the differences between RJ45 ports and SFP ports

What are RJ45 ports

These are undoubtedly the most common and widely used. An RJ45 port allows you to connect network cables. It has 8 pins, and not all of them are always used. These connectors are present in routers or network switches, and they allow devices to connect to the network.

We can use this type of cables to connect all kinds of equipment. It is the standard connector with which we can connect a computer, television, game console, printers or any domestic peripheral that can access the network via cable to a router or switch.

Although today most of these devices that we mentioned have a wireless connection, the truth is that the use of cable is still widely used. Normally with this we gain stability and quality, in addition to a better Internet speed. After all, Wi-Fi networks are more sensitive to obstacles or distance.

What are SFP ports

On the other hand we have the SFP ports. Gigabit switches have this type of connector, which is used to connect a wide variety of fiber optic and Ethernet cables to achieve different functions.

They are mainly used in network switches. They allow the connection of different types of fiber optic cables, such as single and multimode, as well as different speeds (1 Gbps, 10 Gbps…). But they can also connect copper Ethernet cables like CAT5e or CAT6.

Usually the most advanced network switches, those that are used especially in the business environment, have at least two SFP ports. In this way, they can even connect different buildings through fiber optic cabling.

Differences between RJ45 and SFP ports on network switches

We have seen what is an RJ45 port and what is an SFP port. We have seen that there are differences and that each of them could be interesting in certain circumstances, depending on what we are going to use a network switch for or the type of cable we use. Now let’s see what the main differences are.

Connection types

The first difference we can find is in the types of connection that each of them supports. Here we will find limitations or more possibilities depending on the type of port that we are using in our devices.

In this sense, RJ45 ports support Ethernet cables like CAT5, CAT6, etc. They are the common cables that we use to connect, for example, a computer to a router. SFP ports, instead, are more complete, since they accept fiber optic cable modules (both single-mode and multimode), as well as CAT5e, CAT6, CAT7, CAT8 cables…

Maximum distance

The maximum distance that each of the options allows also varies greatly. RJ45 ports are useful up to a maximum distance of 100 meters. This is more than enough for a home or a small office to connect our devices to the network. However, if we have to connect equipment further afield, there could be limitations.

On the other hand, SFP ports do allow greater distance. We even talk about kilometers, depending on the case. MMF cables can deliver 10 Gbps at a distance of up to 550-600 meters. But in addition, SMF cables can reach up to 150 kilometers. If we connect a CAT5 cable we would have the same 100 meter limitation as the RJ45.

Latency

There are also differences in terms of latency when connecting devices at a distance. In this sense, the SFP ports have a lower latency compared to the RJ45 ports that can give a worse service when we connect equipment at a considerable distance.

Consumption

Especially for a company or organization that is going to have many computers connected in a network, the consumption can vary significantly. SFP ports have a lower consumption versus the RJ45 ports.

Ultimately, these are some of the main differences between RJ45 ports and SFP ports. As we can see, there are mainly changes between the maximum distance and the types of connections.

Opening ports on the router will not improve Netflix or Disney + streaming

The first thing we are going to do is explain how Netflix streaming works, since it works in the same way as Disney + and many others. In this way, we can know if opening ports is beneficial for streaming Netflix or Disney + among others.

How Netflix and other streaming works

The operation of Netflix and many other platforms such as Disney + is based on the use of the Internet to transmit their movies and series. The transmission of content is carried out from the servers to the screens of the clients, which can be a Smart TV, tablets or smartphones.

However, this procedure cannot be done by Netflix, Disney + or just any platform. That content that is being broadcast in streaming follows a series of channels:

  1. The content is transmitted from the platforms' servers, which are accessible from the Internet. Netflix normally places its own servers inside the operator's data center (CPD) to have the minimum latency and the best performance.
  2. In the event that the server is not within the operator's network, the content will pass from the Netflix data center directly to the Internet provider's network, passing through multiple routers until it finally reaches our homes.

The process begins the moment you start playback. Then Netflix, which has servers all over the world, will send us the video from the one closest to us whenever possible. In this case, the shorter the route, the higher the quality with which we can reproduce the video. This means that, depending on the distance, we can enjoy the contents of the platform in 4K, Full HD or HD.

So what Netflix does is use the most efficient way possible to get the video through from its servers to your ISP. It should also be noted that we are an important part, where our ISP and our network equipment influence. Here the two important things that usually have the most influence are the speed contracted with our provider, and the quality of the router that we have, and, of course, the peering / transit of our operator.

Why do we have streaming problems?

In order to view the multimedia content, the first thing we must do is establish communication with the Netflix servers, and later these must transfer it through our operator's network to your home. If your network experiences slowdowns or capacity saturation problems, your streaming experience will suffer.

Another factor that can have a negative influence is that the router, together with the additional equipment we have, is not good enough to reproduce the contents on our screens. From RedesZone, a practical piece of advice we give is: if you have the router near the Smart TV, connect it by network cable.

If there are no major obstacles, we can see the video directly on the screen without any problem. The connection of your ISP at home, your modem or router, the number of connected devices in your home and any other activity on your Internet connection can affect the quality of video you receive.

It can also be due to a bad configuration of some aspect of your network, and even the end device (Smart TV, tablet or smartphone).

Does opening ports improve Netflix or Disney + streaming?

Now we have reached the crucial part of the matter, which is to find out whether by opening the ports we will improve Netflix or Disney + streaming. Many of you have at some point used a P2P program like eMule or BitTorrent. We could also apply the same reasoning if we want to set up a web or FTP server. For these programs to work well they require that:

  1. You have a fixed private IP assigned, so that it does not change once we have the ports open.
  2. You open the necessary ports towards that private IP.

In this type of program, in addition to being a client, you are also offering your files to other people. The consequence of not doing so is that they cannot directly access them (web and FTP), or that in P2P programs we cannot download at maximum speed because the peers cannot communicate with us; we are the ones who have to initiate communication with them.

In Netflix or Disney + streaming, everything ends on the screen where we are viewing content. We are simply a mere receiver of content, but we are the ones who initiated the communication beforehand. When we are in a NAT environment, the internal side of the NAT (private IP range) can communicate outwards without any problem because the state of the open socket (IP and port) is saved; only when the communication starts from outside the NAT (public IP range) do we have to open ports for the communication.

Thus, opening ports will not improve Netflix or Disney + streaming at all. Everything is related to NAT and how it works in our routers, if the Streaming services work badly, it is due to other causes and not because you have not opened the ports on your router, since it is totally useless.

How to see which ports and programs the Windows firewall is blocking

As we have mentioned, the function of the Windows firewall is to block those connections that may be a security problem. Now, as in many other cases, there may be failures. This is what is known as false positives. The software interprets that a certain program may be dangerous and blocks it; however, it could be a false positive, that is, a legitimate program that is blocked due to this policy, which could generate connectivity problems or even prevent us from using a specific program.

Therefore, we are going to explain how to know what programs or ports the Windows firewall is blocking. In this way, we will know if a program that does not work well may be because it is being blocked by the Windows firewall, and we will have to add some additional rule to make it the exception.

How to find out which ports the Windows firewall is blocking

To access it we have to follow a series of steps. The first thing is to go to the Windows Control Panel. We go to Start, type Control Panel and enter.

Once here we click System and Security, which is the first option that appears. Then we click Administrative Tools, which is the penultimate option that will appear.

Management tools

Having done this, we open Windows Defender Firewall with Advanced Security. It is the last one on the list. In the menu above we click Action and then Properties.

Windows Defender Firewall Properties

We will have to select the profile we want: public, private or domain. Under Logging, at the bottom, we click Customize. We set Log dropped packets, which defaults to No, to Yes. We accept.

Configure the Windows firewall log

Now we go to Windows File Explorer and enter the path where the log is saved. This is the one we saw in the previous step. In my case it is %systemroot%\system32\LogFiles\Firewall. There we will see the text file that we can open. It is the one named pfirewall.log. Here the log of all the ports that the Windows firewall blocks will appear.

View the Firewall log

This log that we have available in the previous route will allow us to know in detail everything that is happening internally in the Windows firewall. If we have any kind of connectivity problem, or when using an application, we will need to look at this log or record to verify that everything is working correctly.
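Reading pfirewall.log by eye gets tedious quickly, since every dropped packet is one line. The following is an added example, not code from the article: it shows the PowerShell equivalent of enabling dropped-packet logging, then parses the log's W3C header and groups the dropped inbound packets by protocol and destination port. The log lines embedded in the block are constructed sample data in the file's format (with documentation addresses), so the parser can be tried without a real log.

```powershell
# Added example (not from the original article). Enabling the logging described above from
# PowerShell (elevated prompt) instead of the Properties dialog; commented out on purpose.
# Set-NetFirewallProfile -Profile Domain, Private, Public -LogBlocked True `
#     -LogFileName '%systemroot%\system32\LogFiles\Firewall\pfirewall.log' -LogMaxSizeKilobytes 16384

# Constructed sample log in pfirewall.log's W3C layout (addresses are RFC 5737/1918 examples).
$SampleLog = @'
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2021-03-10 10:15:22 DROP TCP 192.168.1.50 192.168.1.10 51234 445 52 S 1234567 0 8192 - - - RECEIVE
2021-03-10 10:15:23 DROP TCP 192.168.1.50 192.168.1.10 51235 3389 52 S 1234568 0 8192 - - - RECEIVE
2021-03-10 10:15:24 DROP TCP 192.168.1.50 192.168.1.10 51236 445 52 S 1234569 0 8192 - - - RECEIVE
2021-03-10 10:15:30 DROP UDP 192.168.1.77 192.168.1.10 50000 1900 160 - - - - - - - RECEIVE
2021-03-10 10:15:31 ALLOW TCP 192.168.1.10 203.0.113.5 49812 443 0 - 0 0 0 - - - SEND
2021-03-10 10:15:40 DROP ICMP 192.168.1.50 192.168.1.10 - - 60 - - - - 8 0 - RECEIVE
'@

function ConvertFrom-PfirewallLog {
    # Turns the log text into objects, taking the column order from the #Fields header
    # instead of hard-coding it, so a file with a different field set still parses.
    param([Parameter(Mandatory)][string[]]$Lines)
    $fields = $null
    foreach ($line in $Lines) {
        if ($line -like '#Fields:*') { $fields = ($line -replace '^#Fields:\s*', '') -split '\s+'; continue }
        if ($line -match '^\s*(#|$)' -or -not $fields) { continue }   # comments, blanks, or no header yet
        $values = $line -split '\s+'
        $obj = [ordered]@{}
        for ($i = 0; $i -lt $fields.Count; $i++) {
            $v = if ($i -lt $values.Count) { $values[$i] } else { '-' }   # pad short lines
            $obj[$fields[$i]] = $v
        }
        [pscustomobject]$obj
    }
}

function Get-DroppedInboundSummary {
    # Dropped packets we RECEIVEd, grouped by protocol and destination port: this is the
    # list of blocked ports the article refers to, together with the peers that hit them.
    param([Parameter(Mandatory)][object[]]$Entries)
    $Entries | Where-Object { $_.action -eq 'DROP' -and $_.path -eq 'RECEIVE' } |
        Group-Object -Property protocol, 'dst-port' | ForEach-Object {
            [pscustomobject]@{
                Protocol = $_.Group[0].protocol
                DstPort  = $_.Group[0].'dst-port'
                Drops    = $_.Count
                Sources  = ($_.Group | ForEach-Object { $_.'src-ip' } | Sort-Object -Unique) -join ', '
                First    = "$($_.Group[0].date) $($_.Group[0].time)"
            }
        } | Sort-Object Drops -Descending
}

$entries = ConvertFrom-PfirewallLog -Lines ($SampleLog -split "`r?`n")
Get-DroppedInboundSummary -Entries $entries | Format-Table -AutoSize

# Against the real file once logging is enabled:
# $real = Get-Content "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log"
# Get-DroppedInboundSummary -Entries (ConvertFrom-PfirewallLog -Lines $real)
```

On the sample data the summary shows two drops on TCP 445 and one each on TCP 3389, UDP 1900 and ICMP, all from the same two internal sources; the ALLOW/SEND line is excluded because it is neither dropped nor inbound.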

How to see which applications the Windows firewall blocks

We have seen the case of ports, but we can also see the applications that it blocks. For this we go back to System and Security, but this time we enter Windows Defender Firewall, which is the second option.

Once inside, we access Allow an application or a feature through Windows Defender Firewall, which appears on the left.

Allow application in Windows Firewall

Here it shows us the list of all allowed and blocked apps in the Windows firewall. We can modify these parameters if we want. This could happen in case we have problems with a certain program that we trust, but that the firewall blocks it because it considers it dangerous.