Does giving out port information increase security risk?

[Kraizer]

So, I was on a game forum and a user there was asking a GM what ports the game uses; apparently that user was at work so I'm assuming the IT dept blocked common ports used by entertainment websites. The GM responded by saying they cannot divulge that information due to possible security risks.

I've played games that allow users to host their own servers, E.G: Minecraft, Sauerbraten, Nether, Halo CE, ect. And the ports those games use is well known through-out the hosting community. What's the difference between that, and say, knowing which port Guild Wars 2, WoW, or Crossfire, uses?

 

[bicycle_repair_man]

By revealing port numbers, an attacker may attempt to access your private LAN. If you host a Minecraft server which has a static IP address that's visible on the Internet, an open port allows other Internet users to connect to that server specifically to play Minecraft. For example, if Minecraft used port 8000 then Internet users connect to it using port 8000. If someone tried to connect to it using port 25, the connection would fail.

If an attacker discovers the IP address of your server and the open ports, they can use that as a gateway into your LAN, assuming that the server is connected to the LAN. If the server isn't connected to your LAN, then only the server is at risk. In corporate networks, ports are controlled by firewalls rather than the server, and DMZs are deployed to protect the internal LAN. Best practice is to use a port number(s) that isn't the default one, but this won't always be possible, as some software will demand that the default port is used.

 

[Hawkeye22]

I don't see how this would be an issue. Port scanners are readily available. Shields Up can tell you which ports can be seen from the Internet. Of course, it only scans the ports at the IP address it detects you at, but there is other software out there that will scan any IP address.