We must first quickly review Transmission Control Protocol (TCP), Internet Protocol (IP), HyperText Transfer Protocol (HTTP) and computer port numbers, keeping in mind that all standard Internet communication is done with HTTP, TCP and IP.

HyperText Transfer Protocol is the underlying protocol used by the World Wide Web (WWW). HTTP defines how messages are formatted, transmitted and what actions World Wide Web servers and browsers should take in response to various commands. For example, when you enter a URL (web site) with your browser, this actually sends an HTTP command to the particular World Wide Web server in question and directs it to fetch and transmit the requested web page.

The terms the World Wide Web and the Internet are NOT interchangeable:

The Internet is a massive network or a network infrastructure. It connects hundreds of millions of computers together, globally, and forms a network in which any computer can communicate with any other computer as long as they are both connected to the Internet. The information that travels over the Internet does so via a number of different computer languages known as protocols.

The World Wide Web is a way of accessing information over the Internet. It is an information-sharing model that is built on top of the Internet. The World Wide Web uses the HTTP protocol to transmit data. The World Wide Web also utilizes browsers, such as Internet Explorer®, Firefox®, Opera® or Netscape®, to access computer documents called web pages, and these are linked to each other via hyperlinks. Web pages, as you already know, can contain graphics, sounds, text and video.


There are two different kinds of computer ports.

The hardware ports are the physical ports on the front and back of a computer for connecting peripheral hardware devices. They include serial ports, parallel or printer ports, mouse and keyboard PS2 (IBM®) ports, SCSI ports (Small Computer System Interface), FireWire® ports, USB (Universal Serial Bus) ports and Ethernet ports.

The second kind are the Internet port numbers, and these are what we need to discuss here.

An Internet port number is a number which defines the listening point or endpoint inside the receiving computer. The Web uses a client-server protocol called HyperText Transfer Protocol (HTTP), and the default port number for HTTP is defined as 80. Thus a port number is associated with a particular service or conversation happening on that computer. We have compiled a list of the standard computer (Internet) port numbers.


Transmission Control Protocol (TCP) breaks up the messages or data into a series of short packages or packets whose length is defined by the network. The most important benefit of this is speed, as the packets are small and the communication links between each of the nodes are only allocated for very short periods of time and only for the transfer of one packet. Each packet of data is therefore transmitted by the source computer to the receiving computer through a number of in-between computers called nodes.

Even though we usually refer to a "connection" between the computers, this "connection" is, in reality, made up of individual packets of data traveling between the "connected" computers, and the packets may all take different routes. Essentially, the computers "agree" by TCP that they are "connected" and each destination or receiving computer sends back an "acknowledgement packet" of data to let the sending machine "know" that each transmitted data packet was received correctly. This is why you see both the "transmit" and "receive" LED lights flashing on your modem when you upload or download files.

Thus each packet of data must contain:

      (a) The address or Internet Protocol (IP) number for the receiving computer.
      (b) The correct port number for the receiving computer.
      (c) The address or Internet Protocol number of the sending computer.
      (d) The correct port number of the sending computer.

TCP also guarantees delivery of the packets and guarantees that the packets will be delivered in the same order in which they were sent.

There are also a couple of other things that you should also be aware of at this point:

      (a) Non-secure packets can be copied and decoded during their journey. They are vulnerable at each node and wherever the non-encrypted data is transmitted wirelessly.
      (b) Hackers can use a false IP number and this is called spoofing.


As we just learned, a packet must contain the address (IP Number) and the port number of the destination or receiving computer and the address (IP Number) and the port number of the transmitting or sending computer. Internet Protocol specifies both how the packets are formatted and the addressing scheme and Internet Protocol is combined with the higher-level TCP protocol to establish the "virtual connection" between both the destination and source computers. Internet Protocol by itself is therefore something like a postal system. It allows you to address a package and drop it into the system, but there's no direct link between you and the recipient.

One of the more interesting things about IP numbers is that dial-up internet users get a new IP number every time they log on whereas broadband internet users have the same IP number for relatively long periods of time. This makes it far easier to find or to track any particular broadband Internet user.

Because of the changeability and the limited supply of IP numbers, there is a permanent machine number assigned to your computer (Or router in the case of a single or multiple computers behind the router.) by your ISP. This is called the Reverse Domain Name System ("rDNS").

Many people find it difficult to understand the terms Domain Name System ("DNS") and Reverse Domain Name System ("rDNS"). It is however very easy if you think of it this way:

      The Domain Name System (DNS) resolves domain names into associated IP addresses.
      The Reverse Domain Name System (rDNS) is a method of resolving IP addresses into domain names.

This is where you can find your "rDNS" number. The line identified as "Your Name Is" is in reality your "Machine Name" or "rDNS" number. The end of your "rDNS" number usually shows your ISP's domain name (If it isn't there, that's great!) and all of the subscribers to your ISP will have this very same information at the end of that line.


A destination or receiving computer's firewall program inspects each and every packet of data as it arrives and BEFORE it is "seen" by all other software running on that computer. Thus the software firewall has total veto power over the receiving computer's actual receipt of data coming from the Internet. An HTTP TCP/IP port is only "open" on the receiving computer if the first arriving packet of data (which "requests" the establishment of a "virtual connection") is answered by the receiving computer. If that first arriving packet is ignored, port 80 on the receiving computer effectively disappears from the Internet and no one or nothing can connect to it.

The real power of a firewall is derived from this ability to be selective about what it lets through and what it blocks. Since every arriving packet must contain the sender's IP number (so that the receiving computer can send back a receipt acknowledgement), the firewall can be selective about which packets are admitted and which are dropped.

In other words, the firewall can "filter" the arriving packets based upon any combination of the sender's IP number and port number and the receiver's IP number and port number. This is called Stateful Packet Inspection (SPI).

For example, if you were running a web server and needed to allow remote machines to connect to your machine on port 80, the firewall could inspect every arriving packet and only allow connection initiation on your port 80. New connections would be denied to all other ports. Even if your system had accidentally been infected with a Trojan Horse virus program which opened a new listening port for the Trojan to the outside world, no passing Trojan scanner could detect or know of that Trojan's existence, since all attempts to contact the Trojan inside your computer would be blocked by the firewall!

Now suppose that you wished to create a secure "connection" across the Internet to allow your home and office computers to share their files without any danger of unauthorized intrusion. Firewall technology also makes this possible. You would first instruct the firewall running on your office computer to permit connections on the NetBIOS file sharing ports 137-139 but only from the IP number of your home computer. Likewise the firewall running on your home machine would be instructed to permit connections on ports 137-139 but only from your office computer's IP number. Thus, either machine can "see" the other's NetBIOS ports, but no one else on the Internet can "see" that both machines have established such a secure "tunnel" across the Internet. This is called a Virtual Private Network or VPN. A VPN however is not encrypted so wireless networks can still be a security issue and spyware and virus key loggers on the sending and receiving computers can still report what you have typed in real time to others.

But what happens when you originate your own connections to other computers on the Internet?

When you surf the web you need to connect to web servers that may have any IP number at all, and you wouldn't want those computers blocked just because you want to block everyone else from getting into your computer. Since each end of an Internet "connection" always sends back an "acknowledgement packet" for the data the other end transmitted, the very first packet from the server is an acknowledgement that you are "visiting" their web site, because the server already "knows" your present IP number as we showed above.

In other words, a firewall can easily "determine" whether an arriving packet is initiating a new connection, or continuing an existing connection. Thus packets arriving as part of an established connection would be allowed to pass through the firewall but packets requesting new connection attempts would be discarded. Therefore, a firewall permits the establishment of outbound connections while blocking any NEW connection attempts from the outside.
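The filtering described in the preceding paragraphs, as an added example that is not part of the original article: a small model of a stateful packet filter that allows inbound connection requests only on permitted ports (port 80 from anyone, NetBIOS 137-139 only from the home machine), drops every other unsolicited packet, and lets replies to connections the machine itself originated pass. All addresses, ports and the packet model are constructed for the example.

```python
from dataclasses import dataclass

# Constructed packet model: the four address fields the article lists, plus a SYN flag
# marking the packet that requests a new connection (all values below are made up).
@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    syn: bool = False

class StatefulFirewall:
    def __init__(self, inbound_rules):
        self.inbound_rules = inbound_rules  # (dst_port, allowed_src_ip or None = any)
        self.established = set()            # (local_ip, local_port, remote_ip, remote_port)

    def outbound(self, pkt):
        # Connections this machine originates are always allowed; the flow is recorded
        # so that the far end's acknowledgement packets are recognised as "continuing".
        self.established.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
        return "ALLOW"

    def inbound(self, pkt):
        flow = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if flow in self.established:
            return "ALLOW"                  # part of a connection we already know
        if not pkt.syn:
            return "DROP"                   # stray packet for no known connection
        for port, src in self.inbound_rules:
            if pkt.dst_port == port and (src is None or pkt.src_ip == src):
                self.established.add(flow)  # accept this new inbound connection
                return "ALLOW"
        return "DROP"                       # unsolicited: the port looks closed

HOME_IP, OFFICE_IP, STRANGER = "198.51.100.7", "203.0.113.10", "192.0.2.50"

def demo():
    # Office machine: web server open to anyone, NetBIOS 137-139 only from the home IP.
    fw = StatefulFirewall([(80, None)] + [(p, HOME_IP) for p in (137, 138, 139)])
    r = {}
    r["web_syn"] = fw.inbound(Packet(STRANGER, 40001, OFFICE_IP, 80, syn=True))
    r["netbios_home"] = fw.inbound(Packet(HOME_IP, 40002, OFFICE_IP, 139, syn=True))
    r["netbios_stranger"] = fw.inbound(Packet(STRANGER, 40003, OFFICE_IP, 139, syn=True))
    r["other_port"] = fw.inbound(Packet(STRANGER, 40004, OFFICE_IP, 5555, syn=True))
    # Office browses out to a web server; the server's reply continues that flow.
    fw.outbound(Packet(OFFICE_IP, 50000, "192.0.2.80", 80, syn=True))
    r["reply_to_us"] = fw.inbound(Packet("192.0.2.80", 80, OFFICE_IP, 50000))
    return r
```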

Another example of the power of a high-quality firewall is "application level" filtering and response. One of the biggest problems with Microsoft's file and printer sharing is its lack of ability to prevent password crackers from pounding away on a password until it is broken. An intelligent application level firewall however will monitor what's happening on port 139 (where password protection occurs) and step in to completely block an offending remote computer. Moreover it can automatically "black list" the originating IP number and completely prevent any and all access from that outsider for a defined period of time.
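The application-level response just described, as an added example that is not part of the original article: a constructed guard that counts failed password attempts per source IP inside a time window, and "black lists" the IP for a defined period once the limit is reached. The thresholds, addresses and timestamps are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

class LoginGuard:
    # Constructed model of "block the offender after repeated failures" (not any product).
    def __init__(self, max_failures=5, window=60, block_seconds=600):
        self.max_failures = max_failures
        self.window = window                 # seconds over which failures are counted
        self.block_seconds = block_seconds   # how long an offender stays black-listed
        self.failures = defaultdict(deque)   # ip -> timestamps of recent failures
        self.blocked_until = {}              # ip -> time at which the block expires

    def allowed(self, ip, now):
        until = self.blocked_until.get(ip)
        return until is None or now >= until

    def record(self, ip, success, now):
        # Returns True if this attempt caused the IP to be black-listed.
        if success:
            self.failures.pop(ip, None)      # a good login clears the failure history
            return False
        q = self.failures[ip]
        q.append(now)
        while q and now - q[0] > self.window:
            q.popleft()                      # forget failures older than the window
        if len(q) >= self.max_failures:
            self.blocked_until[ip] = now + self.block_seconds
            q.clear()
            return True
        return False

def demo():
    guard = LoginGuard(max_failures=5, window=60, block_seconds=600)
    attacker, neighbour = "192.0.2.99", "192.0.2.50"   # constructed addresses
    outcomes = []
    for t in range(5):                       # five bad passwords, one per second
        if guard.allowed(attacker, t):
            outcomes.append(guard.record(attacker, False, t))
    return {
        "blacklisted_on_each_attempt": outcomes,
        "attacker_at_300s": guard.allowed(attacker, 300),
        "attacker_at_700s": guard.allowed(attacker, 700),
        "neighbour_unaffected": guard.allowed(neighbour, 5),
    }
```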

Software firewalls are extremely effective but they are only as strong as the operating system itself so they can be breached by a really determined and expert hacker. They can also be breached in other ways as you will learn in the following sections.

In today's world we recommend that everybody have at the very least a good software firewall, and we highly recommend the free version of Comodo Free Firewall Pro by the Comodo Group (for Windows 2000/XP/2003 and Vista). We also recommend against the sole use of the Windows XP® firewall, which is weak, and BlackICE®, which has been defeated in the past many times.


Routers, when used in the home for Internet applications, are simply small hardware devices which allow a number of computers to all be connected to the same high speed Internet connection and all new home use routers today use Network Address Translation (NAT) technology and Stateful Packet Inspection (SPI) technology. NAT routers can either be wireless (which are very popular at the moment) or hard wired (which are faster and far more secure). Routers forward data packets along networks and a router is connected to at least two networks (For example your home network and the Internet).

More specifically, a router connects two local area networks (LANs), two wide area networks (WANs) or a LAN and its Internet Service Provider's network. (The latter, as already mentioned, is commonly found in a home.) Routers are also located at gateways. A gateway connects two computer networks that use different protocols (computer languages). A gateway translates between protocols so that the computers on the connected networks can exchange data. An example of this would be a commercial online service having a gateway for sending e-mail to Internet addresses on Windows computers, Apple computers and Unix computers.

Routers use headers and forwarding tables to determine the best path for forwarding the packets, and they use protocols such as Internet Control Message Protocol (ICMP) to communicate with each other and to configure the best route between any two host computers. ICMP is an extension to the Internet Protocol (IP) which is used to communicate between a gateway and a source host thereby managing errors and generating control messages. Very little filtering of data is done but all new routers for home use today use Network Address Translation (NAT) and thus Stateful Packet Inspection (SPI).


Routers employ NAT and Stateful Packet Inspection (SPI) technology to assign a special local IP address to each of your local area network computers and then convert these numbers to the IP number assigned by your ISP when data is transmitted onwards. Thus when the router receives a data packet from one of your local area network computers and forwards it on to the Internet, the receiving computer has no idea of the actual local IP address of your networked computer, so your computer is totally hidden and truly safe from prying eyes.

If the router receives an unsolicited data packet from the Internet, it cannot be forwarded (routed) to any of your local area network computers because the special local area network IP number is unknown. Instead, the unsolicited data packet is dropped and any outside computer system interprets this as if your IP address is shut down (Your computer and router are turned off.) or not even assigned to you by your ISP. This is why a router is also called a hardware firewall and it is incredibly effective.


The Stateful Packet Inspection (SPI) technology in the router quite simply inspects individual incoming data packets to make sure they correspond with an outgoing request. Unsolicited and possibly harmful packets are rejected (dropped) by the router and this method of deleting a packet of information is often referred to as Stealth Mode.
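The NAT and inspection behaviour described in the last three paragraphs, as an added example that is not part of the original article: a constructed router model that rewrites the source of outgoing packets to its public address, remembers which outgoing request each translation belongs to, forwards only replies that match such a request, and silently drops anything unsolicited (the "stealth" behaviour). The public and private addresses, the port pool and the traffic are all assumptions made up for the example.

```python
import itertools

ROUTER_PUBLIC_IP = "203.0.113.10"   # assumed address the ISP assigned to the router

class NatRouter:
    # Constructed model of NAT plus the "does this match an outgoing request" check.
    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.table = {}                      # public_port -> (local_ip, local_port, remote_ip, remote_port)
        self.ports = itertools.count(40000)  # assumed pool of outside-facing ports

    def outbound(self, local_ip, local_port, remote_ip, remote_port):
        # Rewrite the source so the remote host only ever sees the router's public address.
        for pub_port, entry in self.table.items():
            if entry == (local_ip, local_port, remote_ip, remote_port):
                return (self.public_ip, pub_port, remote_ip, remote_port)
        pub_port = next(self.ports)
        self.table[pub_port] = (local_ip, local_port, remote_ip, remote_port)
        return (self.public_ip, pub_port, remote_ip, remote_port)

    def inbound(self, remote_ip, remote_port, dst_ip, dst_port):
        # Only a packet matching an entry created by an outgoing request is forwarded
        # (translated back to the local machine); everything else is dropped silently.
        entry = self.table.get(dst_port)
        if dst_ip != self.public_ip or entry is None:
            return None
        local_ip, local_port, expected_ip, expected_port = entry
        if (remote_ip, remote_port) != (expected_ip, expected_port):
            return None                      # right port, but not the host we asked
        return (remote_ip, remote_port, local_ip, local_port)

def demo():
    nat = NatRouter(ROUTER_PUBLIC_IP)
    out = nat.outbound("192.168.1.20", 51000, "192.0.2.80", 80)   # a LAN PC fetches a web page
    reply = nat.inbound("192.0.2.80", 80, ROUTER_PUBLIC_IP, out[1])
    unsolicited = nat.inbound("192.0.2.99", 4444, ROUTER_PUBLIC_IP, 139)
    spoofed = nat.inbound("192.0.2.99", 80, ROUTER_PUBLIC_IP, out[1])   # correct port, wrong sender
    return {"out": out, "reply": reply, "unsolicited": unsolicited, "spoofed": spoofed}
```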


(1) Any firewall can be defeated if one of your local area network computers is logged on with an IRC client such as Windows Messenger®, MSN Messenger®, IRC®, AOL Instant Messenger® or ICQ®. In these cases your computer is "directly connected" to the chat server thereby creating a "communications tunnel" right through your firewall. Your only protection is therefore your anti-virus program.

(2) Any firewall can be defeated by the Nimda virus or by some other hybrid worm. These viruses can actually get into your computer through your web browser itself. (Remember that Port 80 is open when you are browsing and that the web page, and whatever software is embedded on that page, will be downloaded in accordance with your browsers request to view that page.)

(3) Any virus can defeat your firewall via your E-mail program. Here the virus is embedded in an E-mail message or any type of file attachment. Worse yet, it can be a self-extracting virus that can jump from the preview pane of your E-mail program even though you have yet to open that E-mail message.

(4) Any firewall can be defeated by you downloading (including FTP) software and files from the Internet. In this case you actually have invited the virus into your computer.

(5) Any firewall can be bypassed if the virus is on a floppy disk, a CD-RW, a CD-ROM, a DVD-RW or a DVD-ROM and you yourself mechanically loaded it into your computer.

Fortunately the solution to all these issues is to be vigilant, to be very cautious, to use common sense, and to keep an up-to-date anti-virus program running in the background on each of your networked computers.

Copyright 2000-2008 Stewart-Hay Associates
London, Ontario, Canada N6J 3R5
All Rights Reserved