When you connect your computers, servers, and routers to the internet, they need to communicate with external services such as web servers, database servers, and email servers. This communication takes place through specific pathways called ports.
When you purchase a new device, there are certain ports, known as default open ports, that are already set up to facilitate internet communication with specific services. Now, the question arises: should you modify these default open ports?
What Does “Default Open Port” Mean?
A default open port refers to a specific port number that is preconfigured to allow incoming internet connections and data packets from particular services. These ports utilize protocols like Datagram Congestion Control Protocol (DCCP), Stream Control Transmission Protocol (SCTP), User Datagram Protocol (UDP), or Transmission Control Protocol (TCP).
For example, when you purchase a computer or router, port 80 is usually open by default to facilitate connections to web servers. This means you can access web servers without needing to manually open or configure port 80. The default configuration enables Hypertext Transfer Protocol (HTTP) communication between web servers and browsers.
Common Default Open Ports
The Internet Assigned Numbers Authority (IANA) maintains the Port Number Registry, which includes over 65,000 ports. The range from 0 to 1023 is known as System Ports or Well-Known Ports. System ports are typically assigned to specific well-known services and are often open. Ports from 1024 to 65535 are typically registered by users, services, or processes, but not all of them are actively used or open at all times.
Default open ports are commonly found within the range of 0 to 1023. While it’s technically possible to assign any port from 0 to 65,535 as the default port for a service, it’s best to follow established conventions to ensure compatibility. For instance, if you assign port 80 to something other than HTTP traffic, you may encounter difficulties connecting to internet services, as programs and services are programmed to use specific ports.
For instance, the default open port for the MySQL Server is port 3306 across Windows, macOS, and Linux operating systems. Here are some other examples of common default open ports:
- Port 21: File Transfer Protocol (FTP) Control
- Port 23: Telnet
- Port 53: Domain Name System (DNS) Service
- Port 110: Post Office Protocol (POP3)/Authenticated Post Office Protocol (APOP)
- Port 139: Server Message Block (SMB)/NetBIOS-ssn
- Port 5000: Universal Plug and Play (UPNP)/network discovery protocol, commonly used in routers
It’s worth noting that the same default open port may appear under different names on different systems, due to minor differences in the specific services.
For instance, Windows and Linux use port 67 to receive requests from Dynamic Host Configuration Protocol (DHCP) clients and port 68 to send requests to DHCP servers. On macOS, these ports are used for the Bootstrap Protocol Server (bootps) and Bootstrap Protocol client (bootpc). However, in reality, these ports serve the same purpose as DHCP is an extension of the Bootstrap Protocol, and the process functions similarly across Windows, Linux, and macOS.
Should You Change Default Open Ports?
Changing or reconfiguring default open ports can be done to enhance security against automated cyberattacks, but it requires expertise in the matter. In most cases, changing default ports may not necessarily improve security and can potentially create vulnerabilities.
Default open ports themselves are not inherently dangerous. The real danger arises when the associated services are unpatched or vulnerable to exploits. Such vulnerabilities can be triggered by mistake or exploited by malicious actors, leading to compromised services and hosts. An example of this is the WannaCry ransomware attack, where infected systems targeted devices receiving traffic on ports 135-139 or 445 (the ports used by the SMB protocol).
Changing default open ports can introduce complexities. For example, if you modify the port used by HTTP, you’ll need to update your web browsers to connect to the new port. Instead of changing default ports solely to mitigate cybersecurity risks, you can use tools like Nmap and Wireshark to identify any exposed sensitive data or potential security vulnerabilities associated with open ports.
However, there are valid reasons to change default open ports. For instance, you might want to run multiple instances of an application on the same computer, access services like Remote Desktop, SQL Server, or Configuration Manager, or comply with your company’s firewall rules.
Checking Your Computer’s Default Open Ports
To check the open ports on your computer or server, you can use specific commands. On Windows, you can utilize the netstat command, while on Linux, you can use the corresponding command in the Terminal app. These commands display the open ports, which are indicated by the number following the colon (:) after the IP address. For example, in the address 111.122.1.23:80, the open port is 80.
Another approach to check your computer’s default open ports is by connecting your router to the computer using an Ethernet cable. This connection allows you to inspect the open ports associated with your computer.
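The netstat reading described above, as an added example that is not part of the original article: it takes the port after the last colon of the local address (so IPv6 forms work) and separates sockets bound to loopback from those reachable over the network. The sample rows are constructed, and the function names are hypothetical.

```python
import ipaddress

# Service names for ports this article mentions; anything else is "unlisted".
KNOWN = {21: "FTP", 23: "Telnet", 53: "DNS", 80: "HTTP", 110: "POP3",
         139: "SMB/NetBIOS", 445: "SMB", 3306: "MySQL", 5000: "UPnP"}

# Constructed sample: Linux `netstat -tuln` rows, then Windows `netstat -ano` rows.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    [::1]:5000             [::]:0                 LISTENING       912
  TCP    192.168.1.10:50122     203.0.113.7:443        ESTABLISHED     3100
"""

def bind_scope(addr):
    """Who can reach a socket bound to this address?"""
    if addr in ("0.0.0.0", "::", "*"):
        return "all-interfaces"
    try:
        return "loopback" if ipaddress.ip_address(addr).is_loopback else "one-address"
    except ValueError:
        return "one-address"

def listening_sockets(netstat_text):
    """Return sorted (port, proto, scope, service) tuples for open local ports."""
    found = set()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 3 or f[0][:3].lower() not in ("tcp", "udp"):
            continue  # header or unrelated line
        proto = f[0][:3].lower()
        # TCP rows count only in a listening state; UDP has no state column.
        if proto == "tcp" and not {"LISTEN", "LISTENING"} & set(f):
            continue
        # Linux puts Recv-Q/Send-Q before the local address; Windows does not.
        local = f[3] if f[1].isdigit() and len(f) > 3 else f[1]
        # Split on the LAST colon so ':::22' and '[::1]:5000' parse correctly.
        addr, _, port = local.rpartition(":")
        if port.isdigit():
            p = int(port)
            found.add((p, proto, bind_scope(addr.strip("[]")), KNOWN.get(p, "unlisted")))
    return sorted(found)

def reachable_from_network(netstat_text):
    """Ports bound to something other than loopback: the ones worth reviewing."""
    return [s for s in listening_sockets(netstat_text) if s[2] != "loopback"]

if __name__ == "__main__":
    for port, proto, scope, service in listening_sockets(SAMPLE):
        print(f"{proto}/{port:<5} {scope:<15} {service}")
```

A port bound only to loopback (MySQL on 127.0.0.1:3306 in the sample) is open on the host but not exposed to other machines, which is why the bind address matters as much as the port number.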
How to Modify Default Open Ports
The process of changing default open ports varies depending on the specific service (e.g., HTTP, UPNP, MySQL) and the operating system of your computer. However, the general steps are similar.
To begin, you’ll need to locate the configuration file for the service and find the section that defines the port you wish to change. Modify the default port number to your desired value, save the configuration file, and restart the service.
Let’s take the example of changing the HTTP port from 80 to 8080. The main configuration file for the Apache HTTP Server is usually named httpd.conf (or apache2.conf on Debian OS).
First, install and set up the Apache Web Server on your Linux or relevant operating system. Once installed, locate the httpd.conf file, which can typically be found in the following directories:
- Linux: /usr/pw/apache/conf
- macOS: /etc/apache2
- Windows: C:\wamp\Apache2\conf
You can confirm the exact location of the file by running the command “httpd -V” in the Command Prompt or Terminal; its output lists the HTTPD_ROOT and SERVER_CONFIG_FILE settings.
Open the httpd.conf file with a text editor and find the section that defines the HTTP service port. You will likely see “Port 80” or “Listen 80.” Change the value 80 to 8080.
Save the configuration file and restart the Apache HTTP Server using the command “pw process restart httpd.”
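The edit described in the steps above, as an added example that is not Apache's or the article's own code: it rewrites only active Listen directives for the old port, keeps any bind address or protocol argument, and reports VirtualHost blocks still pinned to the old port, which would no longer match after the change. The configuration fragment is constructed and the function name is hypothetical.

```python
import re

# Constructed httpd.conf fragment (not taken from a real server).
SAMPLE_CONF = """\
# Listen 80 is the default
Listen 80
Listen 192.0.2.10:80
Listen [::1]:80 http
Listen 443 https
<VirtualHost *:80>
    ServerName example.test
</VirtualHost>
"""

# Listen [IP-address:]port [protocol]; comment lines never match because of '^\s*Listen'.
LISTEN = re.compile(r"^(\s*Listen\s+)((?:\S+:)?)(\d+)(.*)$", re.IGNORECASE)
VHOST = re.compile(r"^\s*<VirtualHost\s+[^>]*:(\d+)", re.IGNORECASE)

def change_listen_port(conf, old=80, new=8080):
    """Return (new_conf, stale_vhost_lines) after moving Listen from old to new."""
    out, stale = [], []
    for lineno, line in enumerate(conf.splitlines(), 1):
        m = LISTEN.match(line)
        if m and int(m.group(3)) == old:
            # Keep the prefix, optional bind address and trailing protocol as written.
            line = f"{m.group(1)}{m.group(2)}{new}{m.group(4)}"
        else:
            v = VHOST.match(line)
            if v and int(v.group(1)) == old:
                stale.append(lineno)  # needs a manual update to the new port
        out.append(line)
    return "\n".join(out) + "\n", stale

if __name__ == "__main__":
    new_conf, stale = change_listen_port(SAMPLE_CONF)
    print(new_conf)
    for lineno in stale:
        print(f"line {lineno}: VirtualHost still references port 80")
```

Before restarting, check the edited file with Apache's own syntax test (“httpd -t”) so a typo does not take the service down.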
Modifying Your Router’s Default Open Ports
Similarly, you can change the default open port of your router’s HTTP service from 80 to 8080 using a macOS, Windows, or Linux computer, as long as it is not hard-coded to the default port. However, note that some routers may not allow users to change port configurations.
Follow these steps:
- Open a web browser and enter your router’s IP address in the address bar. Press Enter or Return to access the login page.
- Log in to your router’s settings page and navigate to the Device Administration, Management, or Advanced Settings section, depending on your device.
- Look for the HTTP Port option, usually found under the firewall tab. Consult your router’s manual for precise instructions, as some routers, especially those provided by ISPs, may not allow you to change the default open ports and only support port forwarding.
- Alternatively, if available, use the Search bar to locate the HTTP Port option.
- The default open port is typically set to 80. Change it to 8080 and save the changes.
- Keep in mind that modifying your router’s default port may require additional configuration of your firewall or other devices to allow access through the new port. Also, note that changing the default port of your router is different from port forwarding, where incoming traffic is directed to a specific port.
Avoid Changing Default Open Ports Unless Necessary
Changing default open ports may be necessary in some cases to access specific services or comply with firewall rules. However, it is important to consider the potential complexities, compatibility issues, errors, and security vulnerabilities that may arise from modifying default open ports.
Unless absolutely required, it is generally recommended to leave default open ports unchanged to minimize complications and maintain a secure configuration.