  1. #1
    Banned
    Join Date
    Dec 2007
    Location
    Brooklyn NYC
    Posts
    38

    P2P == unblock ports, or create program exception?

    i will risk being ostracized for asking an heretical question about security on a Windows platform.

    Installing a P2P client, Halite. Usual dilemma: P2P program wants to unblock ports, MS urges against it. MS's philosophy is that it is safer to open an exception for this program rather than open the port, arguing that if i open the port then the port remains open always, even if the P2P program is not running.

    Please offer a strategy, and an explanation to support it.

  2. #2
    Just Joined!
    Join Date
    May 2008
    Posts
    9
    The port remains open.
    Add an exception to the firewall for the program and make sure that the download folder does not have access to the rest of the system.
    To be honest, you're better off running file sharing apps through linux or another nix rather than windows.

  3. #3
    Linux Guru coopstah13's Avatar
    Join Date
    Nov 2007
    Location
    NH, USA
    Posts
    3,149
    is this machine connected directly to the internet or through a router? most modern routers have a function called UPnP and if the torrent application supports it, it will automatically open a port on the firewall for it and then close it when you're done

  4. #4
    Banned
    Join Date
    Dec 2007
    Location
    Brooklyn NYC
    Posts
    38
    Quote Originally Posted by coopstah13 View Post
    is this machine connected directly to the internet or through a router? most modern routers have a function called UPnP and if the torrent application supports it, it will automatically open a port on the firewall for it and then close it when you're done
    thanks for this response. the router that i have does not have the UPnP feature.

    noob question: how can a soho computer be connected "directly" to the internet (presumably this means without using a router)?

  5. #5
    Linux Guru coopstah13's Avatar
    Join Date
    Nov 2007
    Location
    NH, USA
    Posts
    3,149
    just plug the cable modem directly into the computer..

  6. #6
    Banned
    Join Date
    Dec 2007
    Location
    Brooklyn NYC
    Posts
    38

    ???

    Quote Originally Posted by coopstah13 View Post
    just plug the cable modem directly into the computer..
    Thanks! i never realized that a connection could be made without a "router"! what are the consequences of doing this, of bypassing the router?

    btw, Mr. O'Callaghan, creator of Halite, answers:


    There are usually 2 obstacles to a program receiving incoming connections,
    first is a local firewall and 2nd is a NAT router.

    The Microsoft advice is in reference to local firewalls as best I
    understand and yes adding Halite as a program exception rather than
    permanently unblocking a port would be my recommendation too.

    When it comes to NAT ideally it will support UPnP or NAT-PMP, this may be
    supported but disabled in the default configuration. Checking the relevant
    option in Halite setting means that Halite will take responsibility for
    asking your router to forward the necessary port and the major advantage
    to this is that you can then allow Halite to randomise the port it uses for
    added security.

    If the router doesn't support that then you'll need to manually forward a
    port of your choosing and tell Halite to listen on that port.

    Under either setup regarding the router, using a program exception on the
    firewall side is still one to go for in my opinion.
    many of these terms are alien to me, so if someone here can explain the concepts in plain, intelligible, comprehensive english, so that even a dumb noob like me can understand, then i'd be grateful

  7. #7
    Linux Guru coopstah13's Avatar
    Join Date
    Nov 2007
    Location
    NH, USA
    Posts
    3,149
    the basic gist of it is to pick a port above 1024, and then you have to forward that port on your router to your IP address, then tell your torrent client to use that

    if no service is listening on your port you shouldn't have any problems
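
The program-exception approach discussed in this thread, plus an audit for port-only rules, as an added example that is not part of any post above. It assumes Windows 8 / Server 2012 or later (the NetSecurity cmdlets) and an elevated PowerShell session; the install path and port number are placeholders.

```powershell
# Added example. Path and port are placeholders, not values from the thread.
$HalitePath = 'C:\Program Files\Halite\Halite.exe'   # assumed install path
$ManualPort = 51413                                   # hypothetical forwarded port

# Program exception: inbound traffic is admitted only to this executable.
# A port-only rule instead admits traffic to whatever process binds the port.
New-NetFirewallRule -DisplayName 'Halite (program exception)' `
    -Direction Inbound -Action Allow -Program $HalitePath -Profile Private

# Audit: enabled inbound allow rules that name a local port but no program.
function Get-PortOnlyInboundRule {
    Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
        ForEach-Object {
            $app  = $_ | Get-NetFirewallApplicationFilter
            $port = $_ | Get-NetFirewallPortFilter
            if ($app.Program -eq 'Any' -and $port.LocalPort -ne 'Any') {
                [pscustomobject]@{
                    Rule      = $_.DisplayName
                    Protocol  = $port.Protocol
                    LocalPort = $port.LocalPort -join ','
                    Profile   = $_.Profile
                }
            }
        }
}
Get-PortOnlyInboundRule | Format-Table -AutoSize

# Which process, if any, is listening on the manually forwarded port right now.
Get-NetTCPConnection -State Listen -LocalPort $ManualPort -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess
```

Rules returned by `Get-PortOnlyInboundRule` are candidates for conversion to program exceptions or removal.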
