Is port forwarding safe? If so, how safe?

712 views

I want to setup port forwarding for a Minecraft server I have so that others can access it ,but I’m not sure how safe it is. Can anyone shed some light on this?

In: Technology

The safest server is a server that is inaccessible, however that isn’t a very useful server.

If you’re self-hosting a Minecraft server, forwarding ports is a necessary action to allow other people to connect to your server. You wouldn’t be able to self-host otherwise. The danger in open ports comes from people sending illegitimate data to the port to exploit whatever program is listening on the other side of it.

If someone were to exploit the port you had open for your Minecraft server, their attack would be limited to targeting the flaws in how Minecraft receives and processes network traffic.

So could an attacker send you viruses and take control of your computer because you have a port open that Minecraft is listening on? Most likely not. If they had some knowledge of a bug that exists in Minecraft, they could possibly exploit it, but even then the amount of damage they could do would be limited.

Port forwarding would not be needed at all if the single and properly configured computer were directly connected to the modem, rather than with the middleman of a router.

The function of the router is to give you a single IP address – four numbers in form xxx.xxx.xxx.xxx – and let that single address serve internet to multiple computers rather than just one. (If you look, your modem will have only one Ethernet network connector, and your router probably several.)

The router doesn’t really do active server sorts of things itself, though, so if there is more than one computer, that HTTP request through the router must have answered: requesting from which machine, exactly?

Your computer probably has Windows Firewall already going, to keep the actual safeties in check by questioning you whenever any of your programs asks to communicate on the Internet. The router’s firewall, into which is put the permissions of port forwarding, is less for security and more to answer: to which machine?

It’s as secure as the server software is. If the Minecraft server is breached, so could that host machine and your network.

If you’re terribly concerned about it, you could have you and your friends create a VPN using ZeroTier and connect through the private network that way. This way, your ports are only exposed to the handful of machines granted access to the virtual network instead of literally any machine on the internet. Additionally, your traffic would be encrypted between clients and your host.