Subsonic Forum

I have a question about security and vulnerability. I have set up port forwarding for Subsonic to work (port 4040 for my Ubuntu installation). I have played with my Firestarter firewall settings and it appears that if I want to connect from different remote networks and computers, I will need to open the incoming access to "everyone".

My question is, how vulnerable is my network with the port forwarding and how vulnerable is my computer with my firewall allowing connections to "everyone" through port 4040?

I'm don't completely understand the implications of the settings and just want to make sure I'm not a mark for hackers sniffing for open ports to exploit.

Many thanks for any feedback.
(I apologize for posting this originally under "Feature Request". I wasn't able to figure out how to edit the posted forum, so have re-posted here).

Whenever you open up a port on your firewall you are always offering greater opportunities for danger. But with that being said, port 4040 is going to be targeted far less frequently than some other ports because it isn't a port that hackers would expect a server to be on. The bigger concern when opening ports is how secure is the service that is responding to requests on that port. In this case Subsonic isn't an exploitable service (as far as I can tell) so you are going to be relatively safe when opening up this port.

Thank you kermit22 for taking the time to respond to my post. Anyone else who would like to weigh in on the subject or extra precautions; your feedback would be welcomed.

Hackers dont usually try and guess open ports. A simple port scan will identify it as open. I wouldnt worry too much though, as long as you dont put yourself out there too much, an attack is unlikely.

Just to further contribute to this discussion.

If you're running linux (which it sounds like you are as you mentioned firestarter) then DO NOT RUN SUBSONIC AS ROOT! Run subsonic as a lower prividged user so that if there is an exploit in Subsonic then the damage to your system should be minimal compared to an exploit when running subsonic as root.