What can the bad men do with an open port?


Hi guys!

I've got 3 questions about TCP/UDP ports that I can't seem to find answers for anywhere and I'd like to pick your brains on them! It's really weird, you can find incredible amounts of port scanning information but NO information on what an open port actually means... Just that it's BAD :(

I have a computer with MS Windows Server 2003 acting as a firewall, gateway, domain controller and uTorrent server with two network cards, one to internet and one to LAN. I've activated the NAT functionality and I'm using PC Tools Firewall on it.

1. I forwarded a port in NAT (within the 49152–65535 range) to the server itself and opened up the software firewall on the server for TCP traffic on the very same port. Then I told uTorrent to listen to it. Does this mean that uTorrent reserves that port to be exclusively used by uTorrent or only that it's listening to that port for traffic relevant to itself? Can someone use this port for something other than uTorrent traffic while uTorrent is running... or not running?

2. Can you do anything you want on an open port, or does it need to have a running "server" program/service that listens and reacts for/on traffic on that explicit port?

I tried opening a port 60123 on the server and telnet into it from a client. The server firewall reports letting it through but the client says that it's unable to connect to port 60123. Is this because telnet service is listening to port 23 and not 60123? Works on 23.

What can the hacker do if I open a port that has no programs listening on it? Only say bad words :kaola: or can he for instance start a program on my server... or just nuke it :( ?

3. Can I find out what programs/services are listening on what port, i.e. a list showing port1: telnet, port2: apache, port3: uTorrent? Or would I have to check that out by RTFM?



Thanks Mates!

exodeus wrote :

Hi guys!

I've got 3 questions about TCP/UDP ports that I can't seem to find answers for anywhere and I'd like to pick your brains on them! It's really weird, you can find incredible amounts of port scanning information but NO information on what an open port actually means... Just that it's BAD :(

I have a computer with MS Windows Server 2003 acting as a firewall, gateway, domain controller and uTorrent server with two network cards, one to internet and one to LAN. I've activated the NAT functionality and I'm using PC Tools Firewall on it.

1. I forwarded a port in NAT (within the 49152–65535 range) to the server itself and opened up the software firewall on the server for TCP traffic on the very same port. Then I told uTorrent to listen to it. Does this mean that uTorrent reserves that port to be exclusively used by uTorrent or only that it's listening to that port for traffic relevant to itself? Can someone use this port for something other than uTorrent traffic while uTorrent is running... or not running?

You are only opening up that ephemeral range for uTorrent to initiate a connection on. You may not have anything listening on those ports. If you did, you wouldn't be able to initiate a uTorrent connection on those ports. At the command prompt type in: netstat -a
and see if there is anything listening on those ports.

2. Can you do anything you want on an open port, or does it need to have a running "server" program/service that listens and reacts for/on traffic on that explicit port?

I tried opening a port 60123 on the server and telnet into it from a client. The server firewall reports letting it through but the client says that it's unable to connect to port 60123. Is this because telnet service is listening to port 23 and not 60123? Works on 23.

What can the hacker do if I open a port that has no programs listening on it? Only say bad words :kaola: or can he for instance start a program on my server... or just nuke it :( ?

The concept of an open port requires a server process to be listening in on that port. Thus if you just allowed 60123 through your firewall to a specific host and that host does not have anything listening in on that port, then your host will reply back with an ICMP port unreachable to the originating host to indicate that there is nothing listening in on that port.


3. Can I find out what programs/services are listening on what port, i.e. a list showing port1: telnet, port2: apache, port3: uTorrent? Or would I have to check that out by RTFM?

netstat -a



Thanks Mates!


Message edited by El0him on 08-14-2007 at 09:03:06 PM
Reply to El0him
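
The behaviour discussed in this thread, as an added example that is not part of any forum post: a loopback-only Python sketch showing that a TCP port is "open" only while a process is listening on it, that by default a second socket cannot bind a port already held, and that once the listener stops the client's connection is refused (for TCP the operating system answers with a reset). The names `probe`, `demo` and `LOOPBACK` are this example's own.

```python
import socket

LOOPBACK = "127.0.0.1"  # the demo never leaves this machine

def probe(host, port, timeout=1.0):
    """Classify a TCP port the way a connecting client sees it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except ConnectionRefusedError:
            return "closed"      # nothing listening: the OS sent a TCP reset
        except socket.timeout:
            return "filtered"    # no answer at all, e.g. dropped by a firewall
        if s.getsockname() == s.getpeername():
            return "closed"      # rare loopback self-connect, not a real listener
        return "open"            # a listening socket completed the handshake

def demo():
    """Constructed scenario: one listener on an OS-chosen loopback port."""
    results = {}
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind((LOOPBACK, 0))         # port 0 = let the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    results["while_listening"] = probe(LOOPBACK, port)

    # By default a second socket cannot bind a port that is already held.
    second = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        second.bind((LOOPBACK, port))
        results["second_bind"] = "succeeded"
    except OSError:
        results["second_bind"] = "address in use"
    finally:
        second.close()

    listener.close()                     # the program exits; the port is free again
    results["after_close"] = probe(LOOPBACK, port)
    return results

if __name__ == "__main__":
    for step, outcome in demo().items():
        print(f"{step}: {outcome}")
```

On the Windows server itself, `netstat -ano` adds the owning process ID to each listening line, which answers the "which program holds which port" question.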

Thanks a lot El0him!

That seems a lot more logical than how my friends told me that it works... the netstat -a command is pure gold!

Reply to exodeus

One way to protect yourself is to change the default username for administrator and guest accounts. Every hacker on earth may try the account named administrator; however, if yours is goofball84, that may be a little harder to guess.

Reply to piasabird