How do hackers take advantage of open ports as a vector for an attack?

  • It is widespread knowledge, and therefore a common practice, to close open ports on any machines connected to the internet.

    If for example, a typical program uses port xyz as it's communication channel, and there is a vulnerability in that program, which could be exploited through that port, why won't the same attack be successful through, let's say, port 80?

    Given our pseudo program uses port 888 TCP, and it has a vulnerability which could be exploited, why can't that vulnerability be exploited through port 80 TCP (which is HTTP, and is open on almost any machine)?

    Is port 80 on the web server listening only to a UNIQUE type of TCP packets? Does it accept only a certain kind of packet?

    Why can't a hacker try to craft a TCP packet with a malicious string, encapsulate it inside the HTTP packet and therefore attack the web server?

    To address your specific scenario, if your program is running on a system listening to port 888, then there is no guarantee that a web server is listening on port 80. Even if a web server is listening on port 80, there is in all likelihood no communication between the web server and your program. So in this case even if you submitted a malicious packet to port 80, the web server would not know what to do with it and reject it.

  • schroeder

    schroeder Correct answer

    9 years ago

    Services listen to ports. Web servers (a service) listen to port 80, but that's just a standard, not a hard rule. You could configure any service to listen on any port. It's not about 'special packets' it's about 'dialing the right port number' to get the service you want.

    If your pseudo program has a vulnerability, then it can be attacked on the port it is assigned to. You can't attack a program on ports it is not listening to. If you try to attack it on another port (like port 80 in your example), your program will not be reached.

    Your last question, then, is a little strange: "Why can't a hacker try to craft a TCP packet with a malicious string, encapsulate it inside the HTTP packet and therefore attack the web server?" That IS what hackers do. But they target the port of the service they want to hit. But maybe you can refine that question based on the information I have provided.

    So, why close ports? Because you want to reduce the number of potentially vulnerable services that you expose to the Internet.

    So you should really start with making your programs (services) not sticking their nose to any port from the internet (unless you have to).

    Hmm, then if someone is browsing, and if it is highly likely that his port 80 is open, then is it logical to attack from that port at first? If so, then why are there standards in port numbers? It is like there is a standard place that everyone knows for hiding your house keys.

    @huzo browsers do not have port 80 open, and browsers do not listen. In addition, ports are not keys, they are doors.

    No, what I mean is, when I browse the internet, MY port 80 is open, isn't it? So can't we say that I leave one of my doors open whenever I want to surf the internet. Therefore, being vulnerable?

    @huzo no, it is as I said. Browsers do not have port 80 open. Servers typically expose port 80 so that browsers can connect.

License under CC-BY-SA with attribution

Content dated before 7/24/2021 11:53 AM