I have tried to portforward before, but my mom says that it can get into her computer. I am using a laptop, her computer is downstairs. She says that people can hack into her computer and steal data. I have heard the only risk is the computer that is linked to the port can get hacked.
I have used Hamachi instead of portforwarding, she is still saying every PC connected to the network can still get hacked, and data can get stolen.
Can you prove that my mom's computer could get compromised. I have told her that Hamachi does not require a port forward, she is still worried/convinced that every computer on the network could be at risk.
My mom is very inexperienced with technology. So, please dumb it down so when I show this to her to prove that only my computer is a risk, she can let me host a server with Hamachi.
With port forwarding, the only way that code could be remotely injected was if there was some vulnerability in the server running on the open port. There currently are no known vulnerabilities in the Minecraft server, nor have there been any.
With Hamachi, it basically adds the conntected computers to the local network, allowing anyone connected to view shared devices, and potentially brute force into any computer and compromise data.
To be perfectly honest and straightforward, the only safe computer is one that is not turned on and doesn't have network access.
That being said, what Syfaro said is accurate. In my opinion and experience, a machine is more likely to be compromised by web browsing using Internet Explorer and clicking on everything that appears on the screen than running a minecraft server with the one single port opened for players to connect.
Rollback Post to RevisionRollBack
Former Support Guru and bukkit admin, master of the I-have-little-time-so-I-drive-by-post style.
Please don't PM me for help, PM's don't help the community at large as it's not publicly viewable.
Use pastie or pastebin for config files, I do not download them.
To be perfectly honest and straightforward, the only safe computer is one that is not turned on and doesn't have network access.
That being said, what Syfaro said is accurate. In my opinion and experience, a machine is more likely to be compromised by web browsing using Internet Explorer and clicking on everything that appears on the screen than running a minecraft server with the one single port opened for players to connect.
The reason why my mom says no is because she was convinced by a friend that when I port forward my router, all the computers connected to that network is at risk. When I port forward, I set the port to direct to my computer. She is still scared. She is a person that types out things for doctors, therefore having sensitive data. She has to follow hipaa laws. I don't know if I port forward, will my computer be at risk or will all the computers connected to the network be at risk?
Anyway around this, like using a different router than the one my mom uses (my own) or something so that that router is connected to my computer instead of hers? What should I do?
I am using my own laptop, she has her own computer.
They are at more of a risk, it's just that the increased risk of running a Minecraft server is almost nothing.
When you port forward, you allow the router to send your computer data. Only the computer that is configured in the port forwarding configuration can get this data. The problem is, that if someone found a vulnerability in the server that allowed the hacker access to a shell of some kind, they could use that computer to attempt to retrieve data from the network. The computer that is port forward would be at the same risk . The likelihood of something like this happening is a billion to one, there currently are no known vulnerabilities in either Java or Minecraft that would allow something of this nature to take place. The only way to remove the risk of this potentially happening, would be to totally separate the two computers from the same network.
If your mother really doesn't want you to port forward, then you can easily get a server for like $2-3 a month.
Also, if your mother is so paranoid about her data, she should be encrypting it anyway. A simple virus could retrieve any plain text data and log its contents.
When you port forward, you allow the router to send your computer data. Only the computer that is configured in the port forwarding configuration can get this data. The problem is, that if someone found a vulnerability in the server that allowed the hacker access to a shell of some kind, they could use that computer to attempt to retrieve data from the network. The computer that is port forward would be at the same risk . The likelihood of something like this happening is a billion to one, there currently are no known vulnerabilities in either Java or Minecraft that would allow something of this nature to take place. The only way to remove the risk of this potentially happening, would be to totally separate the two computers from the same network.
I wish to clarify this, because what Syfaro was was exactly correct, however he used some technical language that can be hard to understand sometimes.
If nothing is set up, (meaning no Hamachi and no port forwarding) your router is still there. If I am looking in the internet, and I get your Ip address, then I can see your router... but because the router isn't dealing with port forwarding, and Hamachi is not set up, then anything I do will probably be ignored by your router... It won't do anything if you don't tell it. You are still prone to things you click and download, but any virus's/hackers that try to get in will have to go through someone on your network, such as "click this link to download this thing". Basically, if the router is not configured, then the risk of you not knowing you are being hacked is close to zero.
If you of course download a virus and ran it, then you're still at that risk, but you'll probably figure out what happened at that point. Lets see if it's any more dangerous to port forward, or run Hamachi instead.
Port Forwarding:
If you do tell your router to port forward, then when I run communications through your Ip address, your router actually takes notice. It asks: Is this a piece of information for Minecraft (labeled port 25565 TCP/UDP)? If I send your IP some information for Minecraft, then your router will notice. (Oh hey, that guy has some stuff labeled 25565... I better move that.)
Now it will ONLY move that stuff to the computer you told it too. Your server will see: "hey, some guy said something using 25655, lets move it to that laptop around here..." Meaning if I send any data, and I tell your router that it's along 25565, it will eventually end up at the Minecraft server.
What is the worry then? Because the router is only looking at 25565, it doesn't really care what data is actually being sent... It just knows that the data has the number 25565 and that any data like that needs to go to the server.
So is there a risk? Actually... No. Even if I was trying to attack/hack your home network through your Minecraft server, my only course of action was to send information along 25565 directly to Minecraft. Basically, I'm talking to a program that runs Minecraft. Can I do anything? Sure... I can play Minecraft, because that's what the server expects me to do... If I send an attack, or try to send anything except Minecraft data, it will most likely ignore me, or send me a response back telling me I'm not sending the right data to play Minecraft.
The only loophole in this example is if Minecraft was broken in some way. If there was a way for me to send requests to your Minecraft server, and have it do something unexpected then I might be able to do something harmful. But remember, I can only send it data along 25565, and that data gets sent directly to your Minecraft server. If I could somehow ask the Minecraft server to download a virus and install it for me, then you would be at risk. But the Minecraft server is secure enough that this cannot happen.
Hamachi:
Hamachi is actually a less secure connection. A connection like Hamachi can in effect, place my computer In your home network. While it still isn't a walk in the park, the possibility that your home network could be compromised is significantly increased. This is because I'm first placing myself in your home network, then choosing to talk to Minecraft myself. The router has no control anymore. I could join the Hamachi network, and try and talk to the other computers on the home network instead of playing Minecraft. (There are still a couple of security walls that's I'd have to get through, but with enough time and computer power, they could be broken)
Conclusion:
You are always putting yourself at a slightly greater risk when you open up something to the internet, however when Minecraft is concerned, the risk is easy to manage.
If you are port forwarding, then there is not much worry about:
1. Information I send goes to your router
2. The router looks at the port I'm using (It better be 25565, or it ignores it)
3. The router moves my information directly to the server
4. The Minecraft server will take that information and either ignore it, or try to process it if it's for minecraft.
This solution leaves me feeling safe and comfortable
If you are running Hamachi, then I would actually have a couple of worries:
1. Any computer that connects to Hamachi now acts like someone connected another desktop computer in your home.
2. If that computer wanted to play Minecraft, they could do so, but they don't have to. Remember the router isn't in control here, so the person sending information doesn't exactly have to use port 25565 and they can talk to other computers other than the Minecraft server
You should still respect your Mother's decision, however from a technical standpoint, any data on her computer is quite safe. To testify, I've been running a Minecraft server for about 3 years now and have no complaints or worries yet.
Edit: My home network is port forwarding Port 25565 to the server.
Port forwarding to your home machine is ok but I have one question on that on... all your players connecting will only connect at the maximum speed of your uplink speed correct? So for all home servers, arent you rather limited not by processing power by rather link speed? If you are just playing with a couple of friends then I doubt if you'd notice but if you have a lot of users, I think you'll definitely get problems. I've not tried it so I cannot say myself.
While this speed can be an issue, you'll have to get upwards of 10 or 20 connections before your connection speed might be an issue on a personal Machine. Installing an peripheral network card (say a 10 GB/s) adapter will probably solve that issue, and leave your processor as the bottleneck... (Or interestingly enough... maybe even your Hard drive)
And actually... . Users should always be wary when installing a mod... especially if they don't know what it does.
What I was wondering about was the actual link speed on the WAN side of your home router. Its not going to be even 100mbps, typical ADSL UK connections I think would be about 1Mbps (upload) with say 30Mbps (download), incoming connections would have to pull data back from your server (chunks in minecraft - sorry for my lack of knowledge here?) and they would all content across that 1m upload link. Am I right or am I missing something here?
Do you know when you log into a server, and you see that brief message "Downloading world"
That's what your talking about... It's not very large, or draining on an internal network's upload... although yes, given enough players you might find that to be an issue.
If you don't trust Hamachi and your mom doesn't want you to open a server, just purchase a server host for cheap, maybe 5 dollars a month at cheapest, which is the most reliable and the least risky.
I have used Hamachi instead of portforwarding, she is still saying every PC connected to the network can still get hacked, and data can get stolen.
Can you prove that my mom's computer could get compromised. I have told her that Hamachi does not require a port forward, she is still worried/convinced that every computer on the network could be at risk.
My mom is very inexperienced with technology. So, please dumb it down so when I show this to her to prove that only my computer is a risk, she can let me host a server with Hamachi.
Thanks.
With port forwarding, the only way that code could be remotely injected was if there was some vulnerability in the server running on the open port. There currently are no known vulnerabilities in the Minecraft server, nor have there been any.
With Hamachi, it basically adds the conntected computers to the local network, allowing anyone connected to view shared devices, and potentially brute force into any computer and compromise data.
That being said, what Syfaro said is accurate. In my opinion and experience, a machine is more likely to be compromised by web browsing using Internet Explorer and clicking on everything that appears on the screen than running a minecraft server with the one single port opened for players to connect.
The reason why my mom says no is because she was convinced by a friend that when I port forward my router, all the computers connected to that network is at risk. When I port forward, I set the port to direct to my computer. She is still scared. She is a person that types out things for doctors, therefore having sensitive data. She has to follow hipaa laws. I don't know if I port forward, will my computer be at risk or will all the computers connected to the network be at risk?
Anyway around this, like using a different router than the one my mom uses (my own) or something so that that router is connected to my computer instead of hers? What should I do?
I am using my own laptop, she has her own computer.
When you port forward, you allow the router to send your computer data. Only the computer that is configured in the port forwarding configuration can get this data. The problem is, that if someone found a vulnerability in the server that allowed the hacker access to a shell of some kind, they could use that computer to attempt to retrieve data from the network. The computer that is port forward would be at the same risk . The likelihood of something like this happening is a billion to one, there currently are no known vulnerabilities in either Java or Minecraft that would allow something of this nature to take place. The only way to remove the risk of this potentially happening, would be to totally separate the two computers from the same network.
If your mother really doesn't want you to port forward, then you can easily get a server for like $2-3 a month.
Also, if your mother is so paranoid about her data, she should be encrypting it anyway. A simple virus could retrieve any plain text data and log its contents.
I wish to clarify this, because what Syfaro was was exactly correct, however he used some technical language that can be hard to understand sometimes.
If nothing is set up, (meaning no Hamachi and no port forwarding) your router is still there. If I am looking in the internet, and I get your Ip address, then I can see your router... but because the router isn't dealing with port forwarding, and Hamachi is not set up, then anything I do will probably be ignored by your router... It won't do anything if you don't tell it. You are still prone to things you click and download, but any virus's/hackers that try to get in will have to go through someone on your network, such as "click this link to download this thing". Basically, if the router is not configured, then the risk of you not knowing you are being hacked is close to zero.
If you of course download a virus and ran it, then you're still at that risk, but you'll probably figure out what happened at that point. Lets see if it's any more dangerous to port forward, or run Hamachi instead.
Port Forwarding:
If you do tell your router to port forward, then when I run communications through your Ip address, your router actually takes notice. It asks: Is this a piece of information for Minecraft (labeled port 25565 TCP/UDP)? If I send your IP some information for Minecraft, then your router will notice. (Oh hey, that guy has some stuff labeled 25565... I better move that.)
Now it will ONLY move that stuff to the computer you told it too. Your server will see: "hey, some guy said something using 25655, lets move it to that laptop around here..." Meaning if I send any data, and I tell your router that it's along 25565, it will eventually end up at the Minecraft server.
What is the worry then? Because the router is only looking at 25565, it doesn't really care what data is actually being sent... It just knows that the data has the number 25565 and that any data like that needs to go to the server.
So is there a risk? Actually... No. Even if I was trying to attack/hack your home network through your Minecraft server, my only course of action was to send information along 25565 directly to Minecraft. Basically, I'm talking to a program that runs Minecraft. Can I do anything? Sure... I can play Minecraft, because that's what the server expects me to do... If I send an attack, or try to send anything except Minecraft data, it will most likely ignore me, or send me a response back telling me I'm not sending the right data to play Minecraft.
The only loophole in this example is if Minecraft was broken in some way. If there was a way for me to send requests to your Minecraft server, and have it do something unexpected then I might be able to do something harmful. But remember, I can only send it data along 25565, and that data gets sent directly to your Minecraft server. If I could somehow ask the Minecraft server to download a virus and install it for me, then you would be at risk. But the Minecraft server is secure enough that this cannot happen.
Hamachi:
Hamachi is actually a less secure connection. A connection like Hamachi can in effect, place my computer In your home network. While it still isn't a walk in the park, the possibility that your home network could be compromised is significantly increased. This is because I'm first placing myself in your home network, then choosing to talk to Minecraft myself. The router has no control anymore. I could join the Hamachi network, and try and talk to the other computers on the home network instead of playing Minecraft. (There are still a couple of security walls that's I'd have to get through, but with enough time and computer power, they could be broken)
Conclusion:
You are always putting yourself at a slightly greater risk when you open up something to the internet, however when Minecraft is concerned, the risk is easy to manage.
If you are port forwarding, then there is not much worry about:
This solution leaves me feeling safe and comfortable
If you are running Hamachi, then I would actually have a couple of worries:
You should still respect your Mother's decision, however from a technical standpoint, any data on her computer is quite safe. To testify, I've been running a Minecraft server for about 3 years now and have no complaints or worries yet.
Edit: My home network is port forwarding Port 25565 to the server.
While this speed can be an issue, you'll have to get upwards of 10 or 20 connections before your connection speed might be an issue on a personal Machine. Installing an peripheral network card (say a 10 GB/s) adapter will probably solve that issue, and leave your processor as the bottleneck... (Or interestingly enough... maybe even your Hard drive)
And actually... . Users should always be wary when installing a mod... especially if they don't know what it does.
Do you know when you log into a server, and you see that brief message "Downloading world"
That's what your talking about... It's not very large, or draining on an internal network's upload... although yes, given enough players you might find that to be an issue.
Good point!
ring a ding ding baby.