It has been a while since I put this up: All links to products may contain referral program URLs that do benefit me when you make a purchase. I will also try to always make it clear whether or not I have hands on experience with the exact product being linked.
Generally I have found that most home routers apply these mechanisms in the following order (this is almost identical on corporate routers/firewalls as well):
1. Dynamic NAT (a web browser talking to a website like YouTube)
2. uPNP (not available on any corporate grade firewall I have ever seen)
3. Port forwarding (should never be needed unless the game uses its own local server)
I do know that some console games actually host the game on a client device. That is where opening these ports may be required, but it is generally not needed. Most of the time there is a host console that opens a connection to the authentication servers, and all data is passed using it as an intermediary, so no port forwarding is required.
I started looking at some of this the other night when a player in my party found some posts on the internet about changing your MTU to get PSN to work. I told him that was not a good idea, as it could cause a lot of extra packet fragmentation and lead to other problems if applications expect to send data in packets of a certain size. I honestly don't know why changing the MTU would matter. The only time the MTU comes into play is when the data being sent is larger than it, and authentication traffic to and from Sony should all be under that size. Unless some other wrapper was being placed on the packets to help slow down the DDoS that was going on, MTU is not a big deal. I am honestly surprised things like the PS4 don't support jumbo frames, which allow an MTU of 9000. The problem with jumbo frames is that most ISPs will have to split your jumbo frames anyway. The strain of that conversion is then placed on your router when it talks to the provider's equipment, and your small SoHo router might not have the power to split up those frames. Getting six times the data in a packet is a great thing to have if your gear supports it. I have not personally tried setting the MTU on my console higher than the default.
I am probably going to re-enable uPNP at home so that I can see what ports Destiny actually asks to have forwarded. Again, I leave this off on my gear because I feel uPNP is easily exploitable and poses a major security threat. I have seen botnets that use uPNP to open ports and then start listening on those ports for commands from control servers. Malicious applications can do all kinds of bad things when you have uPNP enabled.

uPNP is a way to unlock or open a door, if you will, without permission. It works like a standard door on your house: most can be locked from the outside, but anyone inside can turn the knob and leave freely. uPNP, though, is like opening that door wide and leaving it wide open while you walk back and forth to the grocery store to get everything you need. Also, if an application crashes it generally doesn't send the command to close the door. There is also little to no security on what can request that a port be opened. The uPNP packet just needs to be formatted correctly for the device, and it says "sure, here you go." It is like having a party where one friend opens the door to let 300 more in, and that keeps going. A malicious, or even just poorly written, application could quite literally open your computer so that every piece of unsolicited traffic on the internet flows to it. It could turn your PC into a DMZ. The DMZ is a whole other thing that used to be the way to make video games work before some genius thought up uPNP.

There have been documented malware instances of websites using Flash on your PC to open a port on your firewall just from visiting a webpage. Information about your computer is transmitted when the HTTP request is sent, so now the attacker knows where you are. The Flash object can then open a multitude of Windows ports that are used for things like sharing files or printers on your network. Windows, for instance, used to have remote registry editing turned on by default.
If you use an elevated account on your home PC with no password on it, which far too many people do, the owner of the malicious site now knows how to get to you. They can see your registry and start making changes to the applications that start with your computer, or they can disable your firewall and the notifications that would normally warn you. I could go on for hours about the types of things that can be done, but I think you get the point.
I wish sites like http://portforward.com would take the time to do proper research on these items. I also wish software publishers like Bungie would do the same. If their networking staff is anything like me, they cringe when they read things like the linked article. When they say "open on your firewall" they do not mean forwarded. They just mean that you cannot have a rule explicitly blocking traffic on that port. Most people will never run into something like that, as almost all home routers allow outbound traffic on all ports and allow inbound on none. This is a fairly secure way of doing things. Most home routers even block ping requests to help hide you online. If a game used FTP to get update files, for instance, you would not need to forward port 21 to your machine, because your machine is not the server. The request is generated on a high-numbered port and sent to port 21 on the server side. Traffic comes back from the server on port 21 to the high-numbered port your system used. This translation stays up while the traffic keeps flowing, and shortly after the transfer is complete your router clears the NAT translation; if the FTP server then wanted to send you another file without you asking for it, the transfer would fail. If you want to make sure that no one and no device on your network can download anything from an FTP server, then you block all traffic with a destination port of 21.
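To make the distinction between "open" and "forwarded" concrete, here is a toy stateful NAT table, written as an added example for this post rather than code from the post or from any router vendor. It models the default home router policy described above: an outbound connection creates a translation entry, replies that match the entry are let back in, unsolicited inbound packets are dropped, idle entries expire, and a destination-port block (the "block port 21" rule) stops outbound traffic before any translation is made. The addresses, ports and the port-preserving NAT simplification are constructed assumptions.

```python
"""Toy stateful NAT: why "open on your firewall" is not "forwarded".

Hypothetical example code, not from the post. Addresses come from the
RFC 5737 documentation ranges; the NAT is assumed to keep the LAN source
port as the public port (port-preserving) to keep the model small.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


@dataclass
class StatefulNat:
    lan_prefix: str = "192.168.1."
    public_ip: str = "203.0.113.7"          # constructed public address
    timeout: int = 300                       # seconds of idle time before an entry is cleared
    blocked_outbound: set = field(default_factory=set)   # destination ports policy forbids
    forwards: dict = field(default_factory=dict)         # (proto, public_port) -> (lan_ip, lan_port)
    # (proto, lan/public port, remote_ip, remote_port) -> (lan_ip, last_seen)
    table: dict = field(default_factory=dict)

    def is_lan(self, ip: str) -> bool:
        return ip.startswith(self.lan_prefix)

    def expire(self, now: int) -> None:
        """Drop translations that have been idle longer than the timeout."""
        stale = [k for k, (_, seen) in self.table.items() if now - seen > self.timeout]
        for key in stale:
            del self.table[key]

    def handle(self, pkt: Packet, now: int) -> str:
        """Return the decision the router takes for one packet at time `now`."""
        self.expire(now)
        if self.is_lan(pkt.src_ip):
            if pkt.dst_port in self.blocked_outbound:
                return "drop-policy"          # the explicit "block destination port 21" rule
            # Outbound traffic creates or refreshes the translation entry.
            self.table[(pkt.proto, pkt.src_port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, now)
            return "allow-outbound"
        # Inbound: only a reply to a tracked connection gets through...
        key = (pkt.proto, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if key in self.table:
            lan_ip, _ = self.table[key]
            self.table[key] = (lan_ip, now)
            return f"allow-reply->{lan_ip}"
        # ...or traffic to a port that was explicitly forwarded (the hole uPNP would punch).
        fwd = self.forwards.get((pkt.proto, pkt.dst_port))
        if fwd is not None:
            return f"allow-forwarded->{fwd[0]}:{fwd[1]}"
        return "drop-unsolicited"


def ftp_scenario() -> list:
    """The FTP exchange from the post: fetch a file, then see what the server can push back."""
    nat = StatefulNat()
    client, server = "192.168.1.10", "198.51.100.5"   # constructed sample hosts
    return [
        # t=0: client opens a control connection from a high-numbered port to server port 21
        nat.handle(Packet(client, 51000, server, 21), now=0),
        # t=1: the server's reply to that connection is allowed back in
        nat.handle(Packet(server, 21, nat.public_ip, 51000), now=1),
        # t=2: the server tries a port the client never used: nothing forwarded, so dropped
        nat.handle(Packet(server, 21, nat.public_ip, 51001), now=2),
        # t=400: the same reply path after the idle timeout: translation gone, so dropped
        nat.handle(Packet(server, 21, nat.public_ip, 51000), now=400),
    ]


if __name__ == "__main__":
    for decision in ftp_scenario():
        print(decision)
```

The model is deliberately small: real routers key entries on more fields and usually rewrite the source port, but the decisions (outbound creates state, replies ride that state, everything else is dropped unless forwarded) are the ones the post relies on.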
If I remember, I might follow up on this after I enable uPNP and monitor the device that I use. If you are interested in any of this in greater detail, even though there is already a lot here, let me know.
Do not forward all of these ports to your PS4; that is not what the developer meant by "open" in their support guide. Disable uPNP as fast as you can. Find a better site with real, experienced information on the requirements, if any, for port forwarding.
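For anyone who, like the post says, wants to see what a game actually asks the router to open, or to check what a crashed application left open, here is an added example (not code from the post, and not from any router or console vendor) that walks the router's mapping table through the standard UPnP IGD action GetGenericPortMappingEntry on the WANIPConnection:1 service and flags the mappings worth a second look. The sample reply and fault are constructed so the parsing runs offline; audit_router() assumes you know your router's control URL (it is advertised in the device description XML found via SSDP) and is the only part that touches the network.

```python
"""Audit the port mappings a UPnP IGD router currently holds open.

Hypothetical example code, not from the post. Only read-only enumeration is
performed; the SOAP layout follows the IGD WANIPConnection:1 specification.
"""
from typing import Optional
import urllib.error
import urllib.request
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
SERVICE = "urn:schemas-upnp-org:service:WANIPConnection:1"
ACTION = "GetGenericPortMappingEntry"
FIELDS = ("NewRemoteHost", "NewExternalPort", "NewProtocol", "NewInternalPort",
          "NewInternalClient", "NewEnabled", "NewPortMappingDescription",
          "NewLeaseDuration")


def build_request(index: int) -> tuple:
    """Return (headers, body) asking the router for mapping number `index`."""
    body = (
        '<?xml version="1.0"?>'
        f'<s:Envelope xmlns:s="{SOAP_NS}" '
        's:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">'
        f'<s:Body><u:{ACTION} xmlns:u="{SERVICE}">'
        f'<NewPortMappingIndex>{index}</NewPortMappingIndex>'
        f'</u:{ACTION}></s:Body></s:Envelope>'
    ).encode()
    headers = {"Content-Type": 'text/xml; charset="utf-8"',
               "SOAPAction": f'"{SERVICE}#{ACTION}"'}
    return headers, body


def parse_mapping(xml_text: str) -> Optional[dict]:
    """Extract one mapping from a reply; None on a SOAP fault (index past the end, error 713)."""
    root = ET.fromstring(xml_text)
    if root.find(f".//{{{SOAP_NS}}}Fault") is not None:
        return None
    resp = root.find(f".//{{{SERVICE}}}{ACTION}Response")
    if resp is None:
        return None
    mapping = {}
    for name in FIELDS:
        node = resp.find(name)
        mapping[name] = (node.text or "").strip() if node is not None else ""
    return mapping


def flag_mapping(m: dict) -> list:
    """Findings a defender cares about: holes that never close and holes open to everyone."""
    findings = []
    if m["NewLeaseDuration"] in ("", "0"):
        findings.append("permanent lease: outlives the application that requested it")
    if m["NewRemoteHost"] == "":
        findings.append("no remote host restriction: any internet host may connect")
    if m["NewPortMappingDescription"] == "":
        findings.append("no description: nothing identifies which program asked for it")
    return findings


def audit_router(control_url: str, limit: int = 256) -> list:
    """Walk a live router's table (not exercised offline). Stops at the first fault."""
    mappings = []
    for index in range(limit):
        headers, body = build_request(index)
        req = urllib.request.Request(control_url, data=body, headers=headers, method="POST")
        try:
            with urllib.request.urlopen(req, timeout=5) as resp:
                text = resp.read().decode("utf-8", "replace")
        except urllib.error.HTTPError as err:      # IGDs answer faults with HTTP 500 plus a SOAP body
            text = err.read().decode("utf-8", "replace")
        m = parse_mapping(text)
        if m is None:
            break
        mappings.append(m)
    return mappings


# Constructed sample reply: a UDP mapping with no lease and no remote-host restriction.
SAMPLE_REPLY = f"""<?xml version="1.0"?>
<s:Envelope xmlns:s="{SOAP_NS}"><s:Body>
<u:{ACTION}Response xmlns:u="{SERVICE}">
<NewRemoteHost></NewRemoteHost><NewExternalPort>12345</NewExternalPort>
<NewProtocol>UDP</NewProtocol><NewInternalPort>12345</NewInternalPort>
<NewInternalClient>192.168.1.50</NewInternalClient><NewEnabled>1</NewEnabled>
<NewPortMappingDescription>constructed sample</NewPortMappingDescription>
<NewLeaseDuration>0</NewLeaseDuration>
</u:{ACTION}Response></s:Body></s:Envelope>"""

# Constructed sample fault: what the router returns once the index runs off the table.
SAMPLE_FAULT = f"""<?xml version="1.0"?>
<s:Envelope xmlns:s="{SOAP_NS}"><s:Body><s:Fault>
<faultcode>s:Client</faultcode><faultstring>UPnPError</faultstring>
<detail><UPnPError xmlns="urn:schemas-upnp-org:control-1-0">
<errorCode>713</errorCode><errorDescription>SpecifiedArrayIndexInvalid</errorDescription>
</UPnPError></detail></s:Fault></s:Body></s:Envelope>"""

if __name__ == "__main__":
    entry = parse_mapping(SAMPLE_REPLY)
    print(entry["NewProtocol"], entry["NewExternalPort"], "->",
          entry["NewInternalClient"], entry["NewInternalPort"], flag_mapping(entry))
```

Run audit_router() against your own router's control URL before and after launching the game to diff the two tables; the flags are the ones the post's "door left open" concern maps to, and a permanent lease with no description is exactly the footprint a crashed or careless program leaves behind.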