Office of Information Services

Viruses

Ports and Services

Computers rely on services to send information to one another through ports. A "service" is a small program running in the background that recognizes and interprets information sent via standard protocols. For example, a Web service will recognize the HTTP protocol and allow Web traffic to pass from a Web server to a PC browser. Services listen to and speak to ports.

A "port" is a software connector that works very much like your PC’s hardware printer or keyboard connector. It sends one type of information from one place to another. For example, Web traffic travels between computers through port 80.

Of the more than 65,000 ports that are available for use, fewer than 200 are used for legitimate purposes by most computers. Unused ports are appropriated by malicious software. Viruses install rogue services and then communicate with the hacker over these ports.

A firewall can block access to unneeded ports from the Internet; however, it cannot block port traffic from inside the local area network. An infected computer on the LAN can spread malicious software to other PCs behind the firewall. To prevent this kind of exploitation, unnecessary ports and services on each PC must be individually disabled. This will help protect the LAN and all PCs from internal threats that firewalls are powerless to control.
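One way to find the ports worth reviewing on a single PC, shown as an added example that is not part of the original page: the script parses `netstat -ano`-style output and lists listening ports that are reachable from the LAN but not on an allowlist. The sample output, the allowlist contents and the function names are assumptions made for illustration.

```python
# Added example: audit listening ports against an allowlist.
# SAMPLE_NETSTAT is constructed output in the layout of Windows `netstat -ano`.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1234
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       2100
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED     4120
  TCP    [::]:50123             [::]:0                 LISTENING       6660
  UDP    0.0.0.0:5353           *:*                                    2100
"""

# Assumption: the ports this PC is expected to serve; adjust per machine role.
ALLOWED_PORTS = {80}
# Sockets bound to loopback cannot be reached from other PCs on the LAN.
LOOPBACK = {"127.0.0.1", "[::1]"}


def parse_listeners(netstat_text):
    """Return (proto, address, port, pid) for each listening TCP or bound UDP socket."""
    listeners = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        proto, local = fields[0], fields[1]
        # TCP rows carry a State column; UDP rows do not and are always "bound".
        if proto == "TCP" and (len(fields) < 5 or fields[3] != "LISTENING"):
            continue
        # rpartition keeps bracketed IPv6 addresses such as [::] intact.
        address, _, port = local.rpartition(":")
        listeners.append((proto, address, int(port), int(fields[-1])))
    return listeners


def unexpected_listeners(netstat_text, allowed=ALLOWED_PORTS):
    """Listeners reachable from the LAN whose port is not on the allowlist."""
    return [entry for entry in parse_listeners(netstat_text)
            if entry[1] not in LOOPBACK and entry[2] not in allowed]


if __name__ == "__main__":
    for proto, address, port, pid in unexpected_listeners(SAMPLE_NETSTAT):
        print(f"review: {proto} {address}:{port} (PID {pid})")
```

The PID in each flagged row identifies the service to examine before deciding whether to disable it.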

 

Copyright © University of Maryland School of Medicine