Ports, IP addresses, and NAT

Port Scanning is one of the most popular reconnaissance techniques attackers use to discover services they can break into. All machines connected to a Local Area Network (LAN) or Internet run many services that listen at well-known and not so well known ports. By port scanning the attacker finds which ports are available (i.e., what service might be listing to a port). Essentially, a port scan consists of sending a message to each port, one at a time. The kind of response received indicates whether the port is used and can therefore be probed further for weakness.

You can go here, for more information on port scanning:
http://www.auditmypc.com/freescan/readingroom/port_scanning.asp



There are a number of port lists available, but remember these are only current on the day they are written, and subject to change. Here is one we have found to be a good starting point:
http://lists.gpick.com/portlist/portlist.htm



The accessibility of your machine's IP address does not, in and of itself, represent any real security risk. In order for you to use the Internet at all, information must be able to find its way back to your computer. This requires a two-way path between your computer and remote machines. Your machine's unique IP address is the way data finds its way back to you.

It's true that this necessarily creates some degree of security vulnerability, but only as much as is absolutely
required for any sort of "connection" to remote resources on the Internet. The best thing to do is to be concerned and responsible about your machine's security




Note: The NAT router is accessible from the Internet and needs to be protected via a firewall or other means.! ! !

Every machine on the Internet is identified and located using a unique IP address. This allows returning data to be routed to the proper machine by its address. But, this straightforward system has since been enhanced in an important way known as Network Address Translation or NAT.

In a NAT-based system, a single IP address represents the NAT router . . . behind which can lie an entire private network of machines. The machines on this private network (behind the NAT router) use IP addresses that have been set aside for just this purpose. They generally start with 192.168.x.x or 10.x.x.x. These address ranges are not used by regular machines on the Internet so that any machines on the private network can know that they're talking amongst themselves.

When one of the machines behind the NAT router needs to contact resources on the public Internet, the request is routed through the NAT router (since that's what connects the machines to the Internet). The NAT router reformats the outgoing data packet so that it appears to originate from IT, instead of the actual originating machine, and sends it on its way. Then the data returns the process is reversed and the data packet is sent to the originating machine on the private network. Thus, when viewed from the perspective of the external public Internet, all of the machines behind the NAT router appear to be a single machine with that one (NAT router) IP address.

A single firewall on the NAT router provides an intial point of defense for the entire network. This assumes that the rest of the network machines have no other access to the internet other than via the NAT router.

For additional NAT info go here: http://www.securitydogs.com/nat_library.html