Ports and the Security of Your Internet Connection

What are Internet ports?

Although your computer has a single IP address on the Internet, a variety of functions and software are involved in an Internet connection. For example, receiving email, sending email, viewing a Web page, using a newsgroup, and uploading files are all different processes, with each using different software methods. In order to carry out these various functions in a systematic way, use is made of numbered "ports" as local addresses. (These ports have no physical existence and are not to be confused with actual things such as USB or parallel ports.) These local addresses are used to direct the various types of Internet activity to the appropriate software on the local computer.

Think of your computer as an office building, with different rooms used to carry out various functions. The usual IP address would correspond to the street address of the building and the ports would correspond to room numbers. In fact, the standard form of a URL (the human-friendly equivalent of the numerical IP address) has a section for designating a port. (More details are in this article.) The port number is almost never necessary in a URL, however, since port number 80 is assigned by convention to the Internet protocol http.

Ports are numbered from 0 to 65536. However, port numbers are not assigned haphazardly but conform to standards from the Internet Assigned Numbers Authority (IANA). Ports 0-1023 (designated as "well known ports") are assigned by IANA and are generally reserved for system processes. For example, as mentioned above, the protocol http is assigned port 80. Ports 1024-49151 are called "registered ports"; their assignments are coordinated and approved by IANA. A list of these is published so that conflicts in the use of ports do not arise. (Malware writers, of course, do not observe these rules.) The remaining ports 49152-65535 are called "dynamic" and/or "private ports".

Making ports secure

Since ports are used to exchange information between a computer and the Internet, they are also a pathway for intruders to gain access to your computer or for malware to use your computer for unauthorized activity on the Internet. Applications or services monitor ("listen" to) the port that they are assigned. If this listening action is done without taking security steps, the port will be open to incoming signals and may be vulnerable to intruders. This is where a firewall comes in. A firewall will monitor incoming signals and will block any that your system has not specifically requested. Most software firewalls (but not the built-in Windows XP version) also watch for outgoing traffic and will block any that is not authorized. This protects against Trojan horses and any unwanted activity by spyware or adware.

Crackers are constantly using scanning software to probe many thousands of IPs, looking for a computer with open ports. Today no unprotected computer is safe on the Internet. Estimates vary from a few minutes on up as to how long it takes an unprotected computer to get infected. SANS, a security firm, shows a chart of the average time between attacks for its clients and recent times are 20-30 minutes. All PCs, therefore, need to have some kind of firewall protection. The sidebar contains references with more details on firewalls.

Even if you have a firewall installed, it is wise to have your ports scanned to see if they appear invisible to the outside world. There are a number of Web sites that provide a free scan of the "well known" ports and several are listed in the sidebar.
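
A local complement to the outside scan, as an added example that is not part of the original article: the Python script below reads the text output of `netstat -an`, lists every TCP port in the LISTENING state, labels it with the IANA range described above, and marks whether it is bound to a loopback address only. The sample input is constructed (Windows layout) and the function names are hypothetical.

```python
import ipaddress

# Constructed sample in the layout of Windows `netstat -an` output.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:49712     93.184.216.34:80       ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  TCP    [::1]:49200            [::]:0                 LISTENING
"""

def port_class(port):
    """Name the IANA range a port falls in, using the article's three ranges."""
    if not 0 <= port <= 65535:  # the TCP/UDP port field is 16 bits wide
        raise ValueError(f"not a valid port: {port}")
    if port <= 1023:
        return "well known"
    if port <= 49151:
        return "registered"
    return "dynamic/private"

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(host.strip("[]")), int(port)

def listening_ports(netstat_text):
    """Return one dict per TCP socket that is in the LISTENING state."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue  # header, blank line, or a socket that is not listening
        addr, port = split_endpoint(fields[1])
        found.append({
            "address": str(addr),
            "port": port,
            "range": port_class(port),
            # A loopback listener accepts only local connections; any other
            # binding is reachable from the network unless a firewall blocks it.
            "network_reachable": not addr.is_loopback,
        })
    return found

if __name__ == "__main__":
    for s in listening_ports(SAMPLE):
        note = "check firewall rule" if s["network_reachable"] else "local only"
        print(f'{s["address"]:>15}:{s["port"]:<5}  {s["range"]:<15}  {note}')
```

Ports reported as network-reachable are the ones an outside scan would see as open if no firewall rule covers them.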

