When you connect your computer to the Internet, you have opened a door which invites any other computer in the world to come in. Actually, you have more than 65,000 doors into your computer, any one of which may be open. That is, unless you have taken steps to keep these doors closed. That is the purpose of a firewall. The firewall filters the information packets that show up at your "door", or computer port as it is usually called, and can either block them or pass them through.
When your computer connects to the Internet, it is assigned a numeric address, or IP (internet protocol) address. Each address is a 32-bit number. It is usually written as four groups of digits with periods between the groups, as follows: 111.11.11.111.
Traveling over the Internet are many programs that simply look for unprotected IP addresses. The IP address of any unprotected computer is sent back to the originator, who can then upload a trojan or spyware package to that address. The originator can then take control of the computer, or the application will record keystrokes and send all recorded information back to the program originator.
Although your computer has one IP address, there are many different ports on that address, and different ports serve different purposes. Your connection to the Internet is usually through port 80. This is referred to as the HTTP (hypertext transfer protocol) port. It is used when you connect to a web page, and the web page data is downloaded to your computer through this port. Another commonly used port is 25. This is used for SMTP (standard mail transfer protocol), or e-mail transfer. Port 110 is used for incoming mail, or POP3 transfer. These all belong to the port series from 0 to 1024 that contains the most common ports. Many applications use ports in this region, including PC Anywhere, Internet telephones, MSN Messenger, NetMeeting, and all AOL operations. Ports 1024 to 49451 are referred to as registered ports. Many Internet games use ports in this region. There are also other specific functions assigned to these ports, and some may duplicate functions in the common port region. The final group of ports is dynamic and has no specific functions registered. However, the point is that a remote computer somewhere out on the Internet can use any of these ports to connect to your computer if you have not protected them.
Automated port scanning software is available free on the Internet from many "hacker sites", and its use is very common. There are various types of scans. Some scanners probe all 65,535 possible ports. Another type looks for open UDP (user data protocol) ports, or may use an FTP (file transfer protocol) bounce to hide the origin of the scan. If an open port is located, software can be downloaded that will open a "backdoor" on your computer. This allows remote input and output. Such access can be used to record information on your computer and transmit it out. It can also be used to attack other computers to produce a "zombie" network. Such networks have been used to attack large computer servers in attempts to bring them down, or to produce a "denial of service" attack.
Many users believe that a router with a firewall is adequate protection. Most routers use either network address translation (NAT) or a packet filter. Information on the Internet is transmitted in packets, which contain the IP address of the sender and the address of the receiver in addition to the data. The router's firewall uses filters that look at the sending and receiving addresses of incoming packets on port 80 (HTTP). Only those packets that are a response to an outgoing request are allowed through. If your router uses a packet filter, it can be penetrated by a fragmented scan. This type of scan breaks packets up into fragments, which can easily get through the simple packet filter found in most router firewalls. Routers using NAT, either alone or in combination with a packet filter, can also be easily thwarted. NAT is not successful when the packet is an FTP packet, or is sent by Microsoft's NetMeeting or similar audio/video applications that bury the address in the body of the packet. Only when the address is in the header of the packet can the router use address substitution. So packet filtering and NAT, although useful, do not provide complete firewall protection for all Internet connections.
Another method for preventing intrusions is "stateful" packet inspection. This is the method used by most software firewalls, and it is found in some of the newer routers. When your web browser opens a connection to the Internet, the firewall software records that connection and keeps a record of its status. Whenever a packet arrives at your computer, the data in the packet can be compared to the information in the firewall's state table. The firewall software can also make decisions based on the data content of the packet, not just the sender's address. Because this examination does require some time, there may be a slight slowdown of your system. However, in most cases the delay will not be long enough for most users to notice.
So inbound packets can be filtered and examined for dangerous content. However, when the user connects to a web server, the requested page is downloaded to the user's computer. It is possible for that web page to contain a small program, or a link to a dangerous site, hidden in a one-pixel element on the page. When this is downloaded, the program is run or the link activated. This results in an outgoing packet to some Internet address through a non-standard port, so the user is not aware of the activity. This type of activity would not be stopped by a hardware firewall in a router. It can only be blocked by a software firewall which recognizes that this activity is coming from a new application that has not previously made an Internet connection. In this case the software will query the computer user to determine whether this new application should be allowed to connect. Hopefully, the user would recognize that this was not an application the user was running, and the outbound packet would then be blocked. It is absolutely necessary for the firewall to process both incoming and outgoing packets. Only a software firewall can establish the necessary tables for comparing the incoming/outgoing packets to allowed activity and request user interaction when necessary.
This leads us to the Windows firewall. This firewall, as used with Windows XP, does not have any control of outbound packets. Any application is allowed to connect to the Internet without any filtering or other checking of source or content. Windows Vista was supposed to come with both inbound and outbound filtering. However, as delivered it provides only inbound protection, just as XP did. The outbound protection is turned off by default. So, if it is there, how do you turn on the outbound protection? To change this you have to use the Microsoft Management Console. Then you have to write a rule to block each "malware" application you anticipate might get on your computer.
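The state table from the stateful inspection paragraph and the per-application outbound check described just above, modelled together as an added Python example (this is not code from the article or from any firewall product). The packet traffic, the addresses and the user's answers to the "allow this application?" prompt are all constructed.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Set, Tuple

@dataclass(frozen=True)
class Packet:
    direction: str    # "out" = leaving this computer, "in" = arriving from the Internet
    proto: str        # "tcp" or "udp"
    local_port: int
    remote_ip: str
    remote_port: int
    app: str = ""     # program that created the packet; known only for outbound traffic

Key = Tuple[str, int, str, int]

class StatefulFirewall:
    """Two-way firewall model: a state table for inbound packets plus per-application outbound control."""

    def __init__(self, ask_user: Callable[[str], bool]) -> None:
        self.state: Set[Key] = set()              # connections opened by local applications
        self.app_decisions: Dict[str, bool] = {}  # application name -> allowed to connect?
        self.ask_user = ask_user                  # called once for each never-before-seen application

    def filter(self, pkt: Packet) -> str:
        key: Key = (pkt.proto, pkt.local_port, pkt.remote_ip, pkt.remote_port)
        if pkt.direction == "out":
            # Outbound control: a program seen for the first time needs the user's decision.
            if pkt.app not in self.app_decisions:
                self.app_decisions[pkt.app] = self.ask_user(pkt.app)
            if not self.app_decisions[pkt.app]:
                return "blocked: application not allowed"
            self.state.add(key)                   # remember the connection so its replies can come back
            return "allowed"
        # Inbound: only a reply to a connection this computer opened passes; anything else is dropped.
        return "allowed" if key in self.state else "blocked: unsolicited inbound"

def run_demo() -> List[str]:
    # Constructed traffic: a browser fetching a page, a scanner probing, and an unknown program phoning home.
    # The answers dict stands in for the user's replies to the firewall's pop-up prompt (assumed values).
    answers = {"browser.exe": True, "tracker.exe": False}
    fw = StatefulFirewall(ask_user=lambda app: answers.get(app, False))
    traffic = [
        Packet("out", "tcp", 50123, "203.0.113.10", 80, app="browser.exe"),   # web request
        Packet("in", "tcp", 50123, "203.0.113.10", 80),                       # matching reply
        Packet("in", "tcp", 135, "198.51.100.7", 44444),                      # unsolicited probe of a port
        Packet("out", "tcp", 50124, "198.51.100.9", 6667, app="tracker.exe"), # unknown program calling out
        Packet("in", "tcp", 50124, "198.51.100.9", 6667),                     # its "reply" has no state entry
    ]
    return [fw.filter(p) for p in traffic]

if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
```

A router that only filters inbound packets corresponds to the `"in"` branch alone; the `"out"` branch is what the article says the XP firewall and the default Vista configuration lack.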
You cannot create a general rule for all malware. Creating rules that would cover all possible malware applications is an impossible task. Microsoft has been quoted as saying "outbound filtering isn't really needed, and the key is making sure that malware doesn't infect the PC in the first place." They have also stated that large enterprises had requested that it be turned off by default. Microsoft does say that "core Windows Services have specific behaviors which are monitored by the firewall". Instead of using outbound filtering, Microsoft recommends that you buy "Windows Live OneCare", a product and subscription service. My recommendation is that you obtain a free two-way firewall like ZoneAlarm and ignore the Windows firewall completely.
Whatever you do, don't connect your computer to the Internet without using a firewall and an antivirus application. I have come across too many computers recently that are attached to always-on Internet connections and had no protection. The cost of removing the malware from these systems was more than the cost of premium protection. So don't get caught short.
*Dr. Lewis is a former university & medical school professor. He has been working with personal computers for more than thirty years. He can be reached via e-mail at bwsail@yahoo.com.
Copyright 2007. This article is from the April 2007 issue of the Sarasota PC Monitor, the official monthly publication of the Sarasota Personal Computer Users Group, Inc., P.O. Box 15889, Sarasota, FL 34277-1889. Permission to reprint is granted only to other non-profit computer user groups, provided proper credit is given to the author and our publication.