Quote: Originally Posted by LMHmedchem
Thank you for this very informative post. This is what I was looking for. If I read this right, my router will automatically block incoming connections unless I have set up port forwarding to allow it. Further, unless I am running the service that the connection is looking for, the connection would be refused anyway.
Exactly.
Quote:
Is there any way for there to be intrusion on port 80, since that will be used for normal internet traffic?
I am not sure if I understand the question correctly. Port 80 is for hypertext transport protocol (http). It is the default port a web server (=httpd, http-daemon) uses. Suppose you use http to surf to some web site:
You send a request to some site, using http and contacting port 80 at, say, remote.site.com.
The httpd (read: apache, tomcat, IIS, ...) sits there at the server and listens at port 80 when your request comes in.
It picks it up, creates an answer (=web page) and sends it to you, using some unspecified free port on its own system and port 80 at yours.
Your http-client (read: web browser) takes this message apart, creates an answer (for instance, by you clicking on a link, etc.) and sends it back, etc.
A "message" in http is similar to an MIME e-mail in format. It can consist of several parts (pictures, scripts, ...) and of course one (or even several) of these parts can contain malicious code. If you download such code and you run a widespread graphical interrupt handler instead of an OS, your system could become infected with some malware, adware, virus, worm, ...
You would have gotten this malicious code through your port 80, like all the other http messages you get. Closing it would simply forbid any http traffic and effectively prohibit http-connections of any sort. You can either use some scanner inspecting what comes through port 80 (this is how virus scanners work - they pose as daemons listening at port 80 and only pass to the originally intended client after having inspected what comes through) or use a system which cannot be affected by malicious code. Code, malicious or not, will not carry out its purpose until being run and it runs with the privileges of the user running it. This is why it is a very bad idea to surf the web as "root" in Unix. Alas, some OSes are only usable as "Administrator" and so the problem starts.
I am not sure if I have addressed your concern. In case I haven't: please ask clearly what you want to know.
I hope this helps.
bakunin
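The inspection step described in the post above (take a MIME-style http message apart and look at its parts before passing it on), as an added example that is not part of the original post. The sample response, the `ACTIVE_TYPES` policy and the function names are constructed for illustration, and the check looks only at declared content types, not at the content itself.

```python
from email import message_from_bytes

# Constructed sample: an HTTP response whose body is a MIME multipart message.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: multipart/mixed; boundary=XYZ\r\n"
    b"\r\n"
    b"--XYZ\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
    b"<html><body>hello</body></html>\r\n"
    b"--XYZ\r\n"
    b"Content-Type: image/png\r\n"
    b"\r\n"
    b"(image bytes)\r\n"
    b"--XYZ\r\n"
    b"Content-Type: application/javascript\r\n"
    b"\r\n"
    b"console.log('demo');\r\n"
    b"--XYZ--\r\n"
)

# Assumed policy for this example: declared types treated as runnable code.
ACTIVE_TYPES = {"application/javascript", "text/javascript",
                "application/x-msdownload", "application/x-sh"}

def inspect_response(raw):
    """Return (status_line, [(content_type, is_active), ...]) per leaf part."""
    status_line, _, rest = raw.partition(b"\r\n")
    # HTTP headers use the same "Name: value" layout as mail headers,
    # so the standard e-mail parser can split headers, body and parts.
    msg = message_from_bytes(rest)
    parts = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # container only; its children are visited by walk()
        ctype = part.get_content_type()
        parts.append((ctype, ctype in ACTIVE_TYPES))
    return status_line.decode("ascii"), parts

def verdict(raw):
    """'hold' if any part declares an active type, else 'pass'."""
    _, parts = inspect_response(raw)
    return "hold" if any(active for _, active in parts) else "pass"

if __name__ == "__main__":
    status, parts = inspect_response(SAMPLE_RESPONSE)
    print(status)
    for ctype, active in parts:
        print(f"{ctype:28} {'ACTIVE' if active else 'passive'}")
    print("verdict:", verdict(SAMPLE_RESPONSE))
```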