OT: Router ports



Wayne02
07-19-2006, 04:34 PM
I'm installing a video monitoring/recording system at our place. The main recording unit has the quad monitor, hard drive, etc. This unit has its own IP address. The recording unit gets connected to the router that runs the 4 computers in our house, and allows each computer on the local area network to check the cameras, operate the recorder etc. In addition, you can check the cameras and have limited control over the recording unit remotely via the internet.

The instructions say I have to "forward ports 5000, 5001, 5002, 5003" for this all to work. I have yet to pull out the instructions for the router (Netgear wired/wireless) to figure out how to do this, but I was wondering if this presents any potential security issues with the network? What does it mean when you "open a port", or "forward a port"?

Wayne

Evan
07-19-2006, 05:11 PM
The camera system is acting as a streaming video server. The router must be set to allow packets destined to and coming from this server to pass through the router.

"Opening" a port means that data packets identified as coming from a port or going to a port are permitted to pass through the router to and from the internet. Forwarding means that data from the network with this port ID is allowed to be passed to the internet.

This is set up in the router in the advanced settings that will look something like this screen from my router.
http://vts.bc.ca/pics/router1.jpg

Yours will differ unless you have the same model but the general idea will be the same. You need to allow the range from 5000 to 5003 to be passed through.

As for security, there are a couple of concerns.

Ports 5000 to 5009 are used by Yahoo chat so closing them kills that service (obviously not a consideration if they are already closed). The one thing to beware of is that the Windows Universal Plug and Play service (UPnP) also uses port 5000. Opening that port on the router exposes this service to the internet. It is known to have vulnerabilities so it is imperative that all machines be updated fully.

Alternatively, this service can often be disabled without much effect. However, it may be that the camera system is depending on UPnP for discovery and use by any systems on the network. If so, disabling this service will possibly disable the connectivity of that computer to the camera.

Wayne02
07-21-2006, 01:22 AM
"The one thing to beware of is that the Windows Universal Plug and Play service (UPnP) also uses port 5000. Opening that port on the router exposes this service to the internet. It is known to have vulnerabilities so it is imperative that all machines be updated fully."
Thanks, Evan.

Updated fully as in the Windows updates from MS? I've got all the machines set to automatic update, is that the most reliable method?

Wayne

Evan
07-21-2006, 01:38 AM
I would manually check to make sure the updates are done. Be aware that Microsoft has instituted something called Windows Genuine Advantage. You must allow Windows Update to install this software now in order to use the Windows Update website manually. So far it doesn't affect automatic updates.

This is software from Microsoft that tries to validate your Windows installation by checking your product key against their database. If you have a leaked or counterfeit copy of Windows then special software will be installed on your computer that will continually nag you to buy a copy of Windows. It may be worse than that; Microsoft isn't telling the entire story.

See here:

http://news.google.ca/news?q=Microsoft+Genuine+Advantage&hl=en&lr=&sa=X&oi=news&ct=title

BTW, I forgot to mention that you don't need to open those ports if you don't intend to monitor the camera system over the internet. If all you want to do is view it from any computer in the house then you need not make any changes or be concerned about security.
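
An added example, not part of the thread and not written by any poster: a small Python check of which LAN services a set of port-forward rules makes reachable from the internet, flagging anything other than the recording unit on ports 5000-5003. The IP addresses, rule sets and service inventory are constructed assumptions.

```python
# Added example: all addresses, rules and service inventories are constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class ForwardRule:
    first_port: int   # first external TCP port forwarded
    last_port: int    # last external TCP port forwarded (inclusive)
    target_ip: str    # LAN host that receives the forwarded traffic


RECORDER_IP = "192.168.1.50"         # assumed address of the recording unit
RECORDER_PORTS = range(5000, 5004)   # ports 5000-5003 from the instructions


def exposed_services(rules, listeners):
    """Return sorted (port, ip, service) tuples reachable from the internet.

    listeners maps LAN ip -> {tcp_port: service name}. A listener is exposed
    only when a rule forwards its port to that listener's own address.
    """
    exposed = set()
    for rule in rules:
        for port, name in listeners.get(rule.target_ip, {}).items():
            if rule.first_port <= port <= rule.last_port:
                exposed.add((port, rule.target_ip, name))
    return sorted(exposed)


def audit(rules, listeners):
    """Flag anything exposed that is not the recorder on ports 5000-5003."""
    return [e for e in exposed_services(rules, listeners)
            if e[1] != RECORDER_IP or e[0] not in RECORDER_PORTS]


# Constructed inventory: the recorder plus one Windows PC with UPnP on 5000.
LISTENERS = {
    "192.168.1.50": {5000: "recorder video", 5001: "recorder control"},
    "192.168.1.10": {5000: "Windows UPnP", 445: "file sharing"},
}
GOOD_RULES = [ForwardRule(5000, 5003, "192.168.1.50")]
BAD_RULES = [ForwardRule(5000, 5003, "192.168.1.10")]   # wrong target host
WIDE_RULES = [ForwardRule(1, 65535, "192.168.1.10")]    # catch-all forward

if __name__ == "__main__":
    for label, rules in (("good", GOOD_RULES), ("bad", BAD_RULES),
                         ("wide", WIDE_RULES)):
        print(label, audit(rules, LISTENERS))
```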