On some occasions, for the correct operation of a program or game, it is required that certain ports be opened on the router so that they are accessible from the Internet. However, if possible, it is advisable to keep the ports closed. Cybercriminals scan ports for vulnerabilities and ways to execute their attacks. What happens is that, sometimes, to use a program or play online we will have to open ports. Here we will explain to what extent it is dangerous to open router ports to play online, and also in the case that we have to do it, how we should do it.
When we talk about the transport layer of the TCP / IP model, we have to refer to two types of protocols: TCP and UDP. Both can be used when opening ports.
How do I open ports and why do I open it?
The first thing we have to do to open router ports to play or what we need is to find out the IP of our router. We will do it with a command prompt window by typing this command:
ipconfig /all
Then a screen will appear as is where the Default Gateway is the IP of our router.
Then we write it in the Internet browser and enter our username and password to enter the router configuration. Next, we look for a section generally called NAT, Virtual Server or Port Forwarding.
The next step would be to put the port we want to use and the protocol it uses, either TCP or UDP, which we talked about earlier. The local IP of the equipment should also be added. If you want more details here you have explained how to open the TCP / UDP ports of any router .
As for the most typical reasons for wanting to open router ports to play or use applications, they are usually behind one of the following:
- Console game users who complain that they have strict NAT, preventing them from playing well, due to one or more ports.
- The use of P2P programs such as Torrent or Emule.
- To use an FTP, SSH or VPN server at home, it is necessary to access them from the Internet
Is it dangerous to open the router ports to play?
As for if you open a port that is not in use, it can be dangerous, especially since at any moment a vulnerable service could be listening on that port, therefore, we will be exposed. It is not as simple as opening the first port that comes to mind. Another important consideration is that we must open as few ports as possible. In search engines like Shodan you can see the open ports of different services, and it is even able to tell us if there is a service running behind this port.
In that sense, when opening router ports to play games or for a program, we must ensure that the range is as small as possible. The fewer possibilities of attack we give to cybercriminals, the safer we will be.
It should also be noted that there are some critical ports that we should not use unless we are going to use that service. All the ports that we put below are common for the different protocols, for security it is advisable to change them as soon as possible and not use the default ports.
- Port 21 used by the FTP protocol and to create servers of this type.
- Port 22 used by the SSH protocol to manage computers remotely.
- Port 23 used by the Telnet protocol for remote access.
- Ports 80 and 443 that should be closed if we don’t have a web server.
Here are more dangerous TCP and UDP ports and how we can protect ourselves. These ports that we have shown you are the most basic, and the first that a cybercriminal will review. Therefore, if we block all except those that are in use and we need, we will have a very protected system. Remember that, if we have an open port, it can be the first step for an intrusion.
Check open ports online
Another important point to review is the software we have installed . In that sense, an operating system without up-to-date updates makes us more vulnerable . A worrying fact is that many people still use Windows 7 and XP, even though they have not been supported for a long time. Another relevant factor is our router , which must have updated firmware . In addition, an old router that has not been updated for many years can also leave us exposed.
The first thing we need before starting to check the ports is to know our Public IP. For this we are going to use the website what-es-mi-ip.net and by clicking on the link we will be able to know our IP.
Next, it’s time to check the open ports on your router. To do this, we will use the speed test website. There they have aport test to check it quickly and easily online.
Once the web is loaded, we put our public IP address, and we establish the port or ports that we want to check. This tool allows you to check port ranges and also ports separated by commas. Finally, here are my results in which you can see that ports 21, 22 and 23 that we talked about before are closed, which is good news.
As you have seen, opening ports on the router carries a security risk if we have a vulnerable service behind, or if we open a port that is not being used, because in the future an application could use it and be vulnerable. In the world of cybersecurity, the first thing pentesters will test and verify are the open ports on a certain target, to try to exploit a vulnerability in the services behind it.
