# Port Forwarding Question (Possible Security Risks)



## Sam-91 (Jul 27, 2015)

I'd like to open a Minecraft server, just to play with a few selected friends and to do that you have to forward port 25565 on your router 

The thing is, I've heard that this makes your computer more vulnerable to things like hackers/crackers/God knows what, but the risk is very small however still it does exist.

So the question I'd really like to know the answer to is this:

Is this a "constant" threat that could come from anywhere... or are the only people who could try to compromise my system, those who have joined the server?

As in... to be able to try and attack my computer, do they need to play on my server (hence establishing a connection with my PC) or could this be done from anyone and "anywhere", theoretically?

Also I've heard that it's a bit safer to forward a different port (you can edit the server properties file) is this correct?

So far I know that the system's mostly vulnerable when the software in question's actually running (in this case Minecraft) but my main concern is do people have to be connected to the server to cause any kind of harm/security risk to my computer?


----------



## Masterchiefxx17 (Feb 27, 2010)

Hi and Welcome to TSF!

If a hacker really wanted to get into your system, they could do so without you forwarding ports.

A safe option is to only forward those ports when you are playing. When its time to stop playing close those ports.


----------



## Sam-91 (Jul 27, 2015)

Thanks very much for your reply it really helped. Just a small inquiry though If I may?

Is there anything you might be able suggest that I can do to make the system more secure when the port is actually open?

Also does using Tunngle or something similar to it help in any way? I've heard it can be safer?

But I'd really just prefer not to use anything like this if it's not necessary


----------



## Masterchiefxx17 (Feb 27, 2010)

> Just a small inquiry though If I may?


Ask as many questions as needed!



> Is there anything you might be able suggest that I can do to make the system more secure when the port is actually open?


Monitoring network traffic is smart and making sure the network uses a strong security suite is a good idea.


> Also does using Tunngle or something similar to it help in any way? I've heard it can be safer?


I've never heard of it, so I can't comment on that.


----------



## Vikaram (Jul 1, 2015)

From security - How safe is port forwarding in general? - Super User


> Port forwarding lets people connect to the mapped port on whatever device you've pointed it at. The security rests solely with whatever software on that device is listening on that port. So say you've port forwarded 12345 to remote desktop on a PC you never update. Odds are it will be easy to get in to that, and then to whatever it has access to (maybe the whole LAN including the "secure" side of the router). On the other hand, if you port forwarded 6789 to port 22 on a Linux box you update every night, chances are very slim anyone will be able to break-in to it. #1 doesn't make sense, your IP is technically public. But if you had no ports open, there is nowhere to connect and try and break into. Some routers may have intrusion-detection features, but they may not be able to do things like decide if remote user X is you or a hacker trying to get to the forwarded port.


----------

