VPN open's unwanted ports

G70P

Dear Bitdefender Team / research team. I'm struggling to understand the best protection possible to my devices?! Wonder IF I could get some professional enlighten. So, I'm using an external router with a firewall dropping external requests to ports (not netgear) and I'm using a windows sandbox with VPN turned on (doesn't matter where). Well happens that if I run a port test (eg. speedguide) with VPN on, despite the fact of being in a VPN public IP, the test shows vulnerable open ports. If in the other hand I shut down VPN, my router firewall is port protecting me not allowing responses from ports to tests, although I'm in my ISP's public IP. So what concernes me most and would like to ask is:

1. how easy is to break HOTSPOTSHIELD cripto and get in the ports, this after Virtual IP location (of course)?

2. Is it safer to: have ports closed despite being in ISP public IP; or have the ports open although using a virtual public IP bought by Bitdefender?

3.What's the point to bypass ISP IP public surveillance over having vulnerable ports open by your premium VPN? 😒🚷

Jaswinder001

Seeing the same issue when I connect through VPN. Some ports are open. However, when connected with the VPN off there are no ports open at all.

Alexandru_BD

Hello @Jaswinder001,

Thanks for reviving this thread, I notice that a response has not been provided yet, and I feel a clarification is needed here.

In simple terms, when the VPN is OFF, it tries the ports of the home computer, but when the VPN is ON, it actually tries the ports of the VPN server. In absolute theory, we would be led to believe that it's safer to have closed ports than open ones, but in practice the situation is as follows: the ports cannot be attacked themselves, in reality the actual services on the device that can run on the respective ports would be attacked, however, in order to gain access you need to authenticate in those services, which is improbable and could only happen if the services are configured extremely badly. The ports themselves do not represent a vulnerability, but rather the services present on the device, especially those that are exposed to the Internet.

Besides that, a VPN server has many other layers of security compared to a home device, which makes an eventual attack more improbable if not impossible, regardless of whether there are open ports or not.

I hope the information brings more clarity on this matter.

Regards,

Alex