I don't know if it is possible but I want to know if someone connected on your LAN can send a file to you by just knowing your LAN IP addresses. I mean without you putting the computer in listening state at a specific port?
2 Answers
No, if the computer isn't listening on a port then it will just drop the received packets. You can send as many packets as you want, but the destination computer will just drop and ignore them.
The operating system you're using might enable some software that listens to certain network ports by default, but then the computer is put in a listening state on a specific port. Just not manually by you, but by your OS vendor.
TL;DR: Yes, data can be sent to a non-listening port of your computer, but it's useless. And it can't be done from outside your home/office/school/whatever.
There are two aspects to this:
1. Your LAN isn't routed from the Internet. No LAN is. If I tried to send data to a random LAN IP address, like 10.42.17.172, this data wouldn't find its destination because Internet routers would literally say "Hey, I'm not paid for that!" and put it in the trash. The only way data can be routed to a LAN IP is if that IP is in the same LAN as the sender.
2. Data sent to a non-listening port is either discarded or explicitly refused. By default, if you send data to a non-listening port, your computer will politely tell you that it doesn't care. Other configurations can have it snob you (like iptables -P INPUT DROP).
The only way this can cause harm is if an attacker targets a known vulnerability of your OS regarding its handling of unwanted incoming IP packets.
EDIT: As pointed out by Sander Steffman, this is not true for all LANs. I generalized to a LAN what actually applies to the private IP range. A LAN that does not use these IPs will be routed to from the Internet; this is what allows webservers to do their job (they are in the datacenter's LAN, but still reachable from the Internet).
Most of the software on a home computer (like avast! or Firefox) will not actually listen to a port (or only allow connections from the same computer) to access a network resource, and they will use ports randomly attributed by the OS. Sending malicious data this way is harder for a third party, since they will have to impersonate the resource you are communicating with.
Listening ports wait for incoming connections that can come from anywhere. They are created by server programs like Apache or SSHD. However, they will only work if the data they receive is the data they expect, that is, if I use the correct protocol. If I try to communicate with Apache using the SSH protocol, I won't get anything useful out of it. Well-made programs will properly refuse erroneous data.
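Both answers turn on which sockets are actually in the listening state and whether they accept connections from the LAN or only from the same computer. The following Python code is an added example, not part of either answer: it parses a Linux /proc/net/tcp-style table and reports each listener with its bind scope. The sample table is constructed, and the address decoding assumes a little-endian Linux host (x86 or typical ARM).

```python
import ipaddress
import struct

# Constructed sample in Linux /proc/net/tcp layout (not captured from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20001 1
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20002 1
   2: AC112A0A:C350 0A2A11AC:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 20003 1
"""

TCP_LISTEN = 0x0A  # kernel state code for a socket waiting for incoming connections


def decode_endpoint(field):
    """Turn 'HEXADDR:HEXPORT' into (IPv4Address, port).

    Assumption: the table was produced on a little-endian host, where the
    kernel prints the address with its bytes reversed."""
    hex_ip, hex_port = field.split(":")
    ip = ipaddress.IPv4Address(struct.pack("<I", int(hex_ip, 16)))
    return ip, int(hex_port, 16)


def listening_sockets(table_text):
    """Return (address, port, scope) for every socket in the LISTEN state."""
    found = []
    for line in table_text.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 4 or int(cols[3], 16) != TCP_LISTEN:
            continue  # established or closing connections are not listeners
        ip, port = decode_endpoint(cols[1])
        if ip.is_loopback:
            scope = "loopback only"      # connections from the same computer
        elif ip.is_unspecified:
            scope = "all interfaces"     # connections from the LAN as well
        else:
            scope = "single interface"
        found.append((str(ip), port, scope))
    return found


if __name__ == "__main__":
    # To inspect the local machine instead, pass open("/proc/net/tcp").read().
    for address, port, scope in listening_sockets(SAMPLE_PROC_NET_TCP):
        print(f"{address}:{port} is listening ({scope})")
```

The third row of the sample is an established outgoing connection on an OS-assigned port, so it is not reported as a listener.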