Linksys Router Port 80. Are you kidding me?

[+Warwagon MVC]

15 minutes ago, Joe User said:

For laughs, a Linksys WRT54GS v4 that was given to me by SBCGlobal with a DSL package.  Just get me to the login screen without getting technical.

 

 

 

 

 

 

 

Bold down the Windows key on the keyboard (located to the left of the space bar) and press R (just once). Then, in the run box that just appeared on the bottom left type http://192.168.1.1 and press enter.

 

While Ip address may differ ..192.168.1.1 gets you into that router most of the time.

[Rippleman]

Just now, Bryan R. said:

"Hack me". Stop being childish. The security concerns are not individuals hacking individuals. We don't know what devices you may be using. But bots are constantly scanning all IPs for these open ports and trying known passwords and known vulnerabilities to get in.

You could be misinterpreting my intention. I am simply saying, the way I am reading it, is that a certain list of many many many  prerequisites are necessary before one has be worried.

[BinaryData]

2 minutes ago, Joe User said:

For laughs, a Linksys WRT54GS v4 that was given to me by SBCGlobal with a DSL package.  Just get me to the login screen without getting technical.

http://www.linksys.com/hk/support-article?articleNum=139826 <--- Master list of all Linksys Routers, from the looks of it.

 

http://downloads.linksys.com/downloads/userguide/1224638367753/wrt54gsv4_ug.pdf <--- Your router

 

In the wrt54gsv4 PDF, On Page 10 it tells you the IP you need to connect too.

 

1. Connect to http://192.168.1.1 (Generally the Default IP for SOHO Routers, or 192.168.0.1)

2. Username Field, leave it blank. Password is "admin".

 

In that PDF, go to page 51. It shows you how to do port Forwarding

3. Applications & Gaming Tab -> Port Forwarding

4. Your IP will be 192.168.1.x. X is whatever your computer you want to have forwarded with that port, we'll say 100.

 

So, it'll look like this 192.168.1.100 - Port #100 - Port #105 |Protocol: Both and then click enable. Give it a nickname, something short that you'll remember.

 

TCP has packet validation, whip UDP has none. If you lose too many TCP Packets, you won't get the full picture and may error out. UDP has no validation, generally used for video streaming. If you lose UDP Packets, it's no big issue, things keep moving forward, they don't matter.

 

 

I'm very familiar with the WRT54G Models from Linksys, I used that router for years. Just an FYI, don't ever use it again. I think it took me 30 seconds to break the WEP Key Encryption, lol. This was back in 2009 / 2010.

[Rippleman]

1 minute ago, Joe User said:

Well, first you'll need to install this malicious software...

Or, you'll need to get poorly designed hardware...

 

None of which is an actual flaw in the protocol. And there ARE flaws with the design, but it's not this monster that people are making it out to be.

 

For the average joe user it's good enough.

This is how I was interpreting it too.

[+Warwagon MVC]

1 minute ago, BinaryData said:

http://www.linksys.com/hk/support-article?articleNum=139826 <--- Master list of all Linksys Routers, from the looks of it.

 

 

The problem is the average user would have no idea were type type http://192.168.1.1 into it.

[BinaryData]

Just now, Rippleman said:

You could be misinterpreting my intention. I am simply saying, the way I am reading it, is that a certain list of many many many  prerequisites are necessary before one has be worried.

Not at all. Not even close. It depends on the equipment you're using, and how complex your network is. BudMan, sc302, and I have higher end gear, that average users don't have. You seem to be misunderstanding that this is aimed TOWARD SOHO (Small Office, Home Office) routers. Even my Cisco RV320 came disabled with UPnP, and it's Cisco so I trust THEM to make a good decision. BudMan/sc302 just reinforced it.

[Joe User]

3 minutes ago, BinaryData said:

http://www.linksys.com/hk/support-article?articleNum=139826 <--- Master list of all Linksys Routers, from the looks of it.

 

http://downloads.linksys.com/downloads/userguide/1224638367753/wrt54gsv4_ug.pdf <--- Your router

 

In the wrt54gsv4 PDF, On Page 10 it tells you the IP you need to connect too.

 

1. Connect to http://192.168.1.1 (Generally the Default IP for SOHO Routers, or 192.168.0.1)

2. Username Field, leave it blank. Password is "admin".

 

In that PDF, go to page 51. It shows you how to do port Forwarding

3. Applications & Gaming Tab -> Port Forwarding

4. Your IP will be 192.168.1.x. X is whatever your computer you want to have forwarded with that port, we'll say 100.

 

So, it'll look like this 192.168.1.100 - Port #100 - Port #105 |Protocol: Both and then click enable. Give it a nickname, something short that you'll remember.

 

TCP has packet validation, whip UDP has none. If you lose too many TCP Packets, you won't get the full picture and may error out. UDP has no validation, generally used for video streaming. If you lose UDP Packets, it's no big issue, things keep moving forward, they don't matter.

 

 

I'm very familiar with the WRT54G Models from Linksys, I used that router for years. Just an FYI, don't ever use it again. I think it took me 30 seconds to break the WEP Key Encryption, lol. This was back in 2009 / 2010.

Sorry, it came from my ISP and was configured with a 172 address by them.  See the problem?

 

[Joe User]

4 minutes ago, warwagon said:

hold down the Windows key (to the left of the space bar) and press R. Then, in the run box that just appeared type http://192.168.1.1 and press enter.

That model came with 192.168.0.1 by default at retail , if I remember correctly (might have been before v4). It also came with 172 addresses configured by some ISPs.

 

[Bryan R.]

8 minutes ago, Rippleman said:

You could be misinterpreting my intention. I am simply saying, the way I am reading it, is that a certain list of many many many  prerequisites are necessary before one has be worried.

In this very case of the OP, there are not many prerequisites. He got a home router with uPnP enabled. He then got a camera. The camera wanted port 80 open and so it got it thanks to uPnP. Now the camera is open to the internet. The only extra step was that the user wanted a camera. How many times are you going to see on the news how a family had their cameras compromised before you realize what the problem is? It's bad security from many angles. Too many doors left open.

 

8 minutes ago, BinaryData said:

http://www.linksys.com/hk/support-article?articleNum=139826 <--- Master list of all Linksys Routers, from the looks of it.

 

http://downloads.linksys.com/downloads/userguide/1224638367753/wrt54gsv4_ug.pdf <--- Your router

 

In the wrt54gsv4 PDF, On Page 10 it tells you the IP you need to connect too.

 

1. Connect to http://192.168.1.1 (Generally the Default IP for SOHO Routers, or 192.168.0.1)

2. Username Field, leave it blank. Password is "admin".

 

In that PDF, go to page 51. It shows you how to do port Forwarding

3. Applications & Gaming Tab -> Port Forwarding

4. Your IP will be 192.168.1.x. X is whatever your computer you want to have forwarded with that port, we'll say 100.

 

So, it'll look like this 192.168.1.100 - Port #100 - Port #105 |Protocol: Both and then click enable. Give it a nickname, something short that you'll remember.

 

TCP has packet validation, whip UDP has none. If you lose too many TCP Packets, you won't get the full picture and may error out. UDP has no validation, generally used for video streaming. If you lose UDP Packets, it's no big issue, things keep moving forward, they don't matter.

 

 

I'm very familiar with the WRT54G Models from Linksys, I used that router for years. Just an FYI, don't ever use it again. I think it took me 30 seconds to break the WEP Key Encryption, lol. This was back in 2009 / 2010.

He is just off-topic-baiting and trolling.

[Joe User]

3 minutes ago, Bryan R. said:

In this very case of the OP, there are not many prerequisites. He got a home router with uPnP enabled. He then got a camera. The camera wanted port 80 open and so it got it thanks to uPnP. Now the camera is open to the internet. The only extra step was that the user wanted a camera. How many times are you going to see on the news how a family had their cameras compromised before you realize what the problem is? It's bad security from many angles. Too many doors left open.

 

He is just off-topic-baiting.

Me? No, I'm proving that there's no standard way to get people into their router setup for something like adding port forwarding. It's close, but not a standard, and it starts getting complex. THEN you wind up where you need to install third party software or have DNS hacks to get to the router interface. All because you wanted to use voice chat in your favorite game. That's what UPnP is supposed to solve. 

 

[Bryan R.]

Just now, Joe User said:

Me? No, I'm proving that there's no standard way to get people into their router setup for something like adding port forwarding. It's close, but not a standard, and it starts getting complex. THEN you wind up where you need to install third party  software or have DNS hacks to get to the router interface. All because you wanted to use voice chat in your favorite game. That's what UPnP is supposed to solve. 

 

Every router comes with a manual...

 

Further, ASUS and Netgear use DNS names to access their routers now. ie, router.asus.com.

[Joe User]

23 minutes ago, BinaryData said:

http://www.linksys.com/hk/support-article?articleNum=139826 <--- Master list of all Linksys Routers, from the looks of it.

 

http://downloads.linksys.com/downloads/userguide/1224638367753/wrt54gsv4_ug.pdf <--- Your router

 

In the wrt54gsv4 PDF, On Page 10 it tells you the IP you need to connect too.

 

1. Connect to http://192.168.1.1 (Generally the Default IP for SOHO Routers, or 192.168.0.1)

2. Username Field, leave it blank. Password is "admin".

 

In that PDF, go to page 51. It shows you how to do port Forwarding

3. Applications & Gaming Tab -> Port Forwarding

4. Your IP will be 192.168.1.x. X is whatever your computer you want to have forwarded with that port, we'll say 100.

 

So, it'll look like this 192.168.1.100 - Port #100 - Port #105 |Protocol: Both and then click enable. Give it a nickname, something short that you'll remember.

 

TCP has packet validation, whip UDP has none. If you lose too many TCP Packets, you won't get the full picture and may error out. UDP has no validation, generally used for video streaming. If you lose UDP Packets, it's no big issue, things keep moving forward, they don't matter.

 

 

I'm very familiar with the WRT54G Models from Linksys, I used that router for years. Just an FYI, don't ever use it again. I think it took me 30 seconds to break the WEP Key Encryption, lol. This was back in 2009 / 2010.

Also, You're darn good at that. I mean that. Seriously, if I had a larger company I would recruit here.

Edited December 29, 2016 by Joe User

[Joe User]

Just now, Bryan R. said:

Every router comes with a manual...

 

Further, ASUS and Netgear use DNS names to access their routers now. ie, router.asus.com.

Again, you're missing the point. It's a complexity problem. Imagine if you're supporting a small camera company, you need to have support with pages of routers and all their configurations to talk the user through opening a port. Only to find out that their ISP changed the default settings and it won't work anyway.

 

[Bryan R.]

1 minute ago, Joe User said:

Again, you're missing the point. It's a complexity problem. Imagine if you're supporting a small camera company, you need to have support with pages of routers and all their configurations to talk the user through opening a port. Only to find out that their ISP changed the default settings and it won't work anyway.

 

There is no problem.. all devices and software use differing ports. If you are supporting cameras, you are expected to know the technical specifications of them (ie, ports needed). If your ISP is blocking access somehow, it sounds like you need a business class connection, but really, it sounds like your making something up.

 

If you want ease of use, and believe ignorance is bliss, uPnP is great at getting things working.

[BinaryData]

1 hour ago, warwagon said:

The problem is the average user would have no idea were type type http://192.168.1.1 into it.

Wrong. My mom is one of those "average" users, as with my sister, and they read the manual for their router. A lot of the help I have requested of me, is after the setup. When they're trying to add things like a switch, or printers, or the WiFi stops working.

1 hour ago, Joe User said:

Sorry, it came from my ISP and was configured with a 172 address by them.  See the problem?

 

You're nitpicking things, for one, most ISPs don't want you touching the internal configurations. My mom's ISP will actually cut your service if you change those configurations. I did what you requested, you gave me a router, you never specified that said router was from your ISP. Normally, your ISP also includes documentation, and any ISP i know will actually walk you through setting it up.

 

Again, you're making a mountain out of a mole hill. To clarify this whole argument;

 

UPnP is great for idiots who have ZERO understanding of Networking, Security, and general knowledge. These are the same people who don't change default user credentials, so we get things like the Mirai BotNet, and why Crypto Malware is so huge. So, thank you @Joe User for encouraging the use of UPnP. You are the type of person that I hate simply because you argue your point until no on gives a **** anymore, and arguing with you things become petty. Which they are beginning to learn towards.

 

Disable UPnP. It'll be better for you in the long run. If you can't figure out how to Google something in regards to your router, do the world a favor, stay the hell off the internet.

[+Warwagon MVC]

1 minute ago, BinaryData said:

UPnP is great for idiots who have ZERO understanding of Networking, Security, and general knowledge. These are the same people who don't change default user credentials,

 

You just described 90% of my customers lol

[BinaryData]

16 minutes ago, warwagon said:

You just described 90% of my customers lol

Depressing isn't it? It's actually gotten better with people I know. My mom tells them to Google things first, and then call me if they can't figure it out. I charge a case of beer per hour I'm there. If I'm there for 4+ hours, it's dinner. Usually get a couple good meals a month, it's awesome. Last one was SUPER awkward. A girl I slept with, her mom called me for Tech support, and she came over for dinner. Her boyfriend, cousin, and her weren't happy, parents loved me and knew why I ran like hell..

[+Warwagon MVC]

3 minutes ago, BinaryData said:

 A girl I slept with, her mom called me for Tech support, and she came over for dinner. Her boyfriend, cousin, and her weren't happy, parents loved me and knew why I ran like hell..

2

Hilarious!

[Joe User]

1 hour ago, BinaryData said:

Wrong. My mom is one of those "average" users, as with my sister, and they read the manual for their router. A lot of the help I have requested of me, is after the setup. When they're trying to add things like a switch, or printers, or the WiFi stops working.

You're nitpicking things, for one, most ISPs don't want you touching the internal configurations. My mom's ISP will actually cut your service if you change those configurations. I did what you requested, you gave me a router, you never specified that said router was from your ISP. Normally, your ISP also includes documentation, and any ISP i know will actually walk you through setting it up.

 

Again, you're making a mountain out of a mole hill. To clarify this whole argument;

 

UPnP is great for idiots who have ZERO understanding of Networking, Security, and general knowledge. These are the same people who don't change default user credentials, so we get things like the Mirai BotNet, and why Crypto Malware is so huge. So, thank you @Joe User for encouraging the use of UPnP. You are the type of person that I hate simply because you argue your point until no on gives a **** anymore, and arguing with you things become petty. Which they are beginning to learn towards.

 

Disable UPnP. It'll be better for you in the long run. If you can't figure out how to Google something in regards to your router, do the world a favor, stay the hell off the internet.

Well, actually I did specifically say from sbcglobal but that's nitpicking.

 

Either way. You have to balance usability with cost, speed, security and reliability. 

 

Throwing up extra blocks only makes people do stupid things, like disabling the firewall or opening up things they shouldn't.

 

Home network security needs to be easy to enable and not too difficult to scale down slightly when needed. It needs to be in your face during setup and quietly working after.

 

This camera setup sounds like a disaster and companies like that need to be called out on it. They need to be held liable if they are reckless with security.

 

Is UPnP perfect? Heck no. I would never use it in a secure work environment.

 

Is it good enough for average home use? Yes, with some caveats.

 

I'm done arguing this point since I'm just repeating myself now.

[+BudMan MVC]

4 hours ago, Rippleman said:

again... hack me... show me. If not, its all just hypothetical.

Just you enabling UPnP doesn't mean anything was opened.. And it sure and the hell doesn't broadcast your IP to everyone on the planet so we know what IP to "hack"

 

Why don't you post up your IP.. And we can run scan to see what ports are open.. Or do it yourself, grc has a free scanner.  There are plenty of others.  Opening ports is not the real security issue, the security issue is ports open that you are not aware of.. Like the OP... Anything else is off topic to be honest.  There is NO scenario I can think of not even Grandma wanting to host xbox games that should ports just opened inbound without the user/admin KNOWING its going to happen or authing it to happen.  UPnP being on by default is BAD BAD BAD.. I can not say this enough.. Because you know why.. User gets some new iot device that has a web page, why should I change the password - its not open to the internet.  But said UPnP asked the router to open up port 80 for it (to be helpful)..

 

Routers UPnP should be OFF by default.. User can access and click the little switch to enable it.. Any sort of iot device should have UPnP off by default as well!!  If I want it to auto forward the ports then the user should have to click something!!  Last time I checked these iot devices like his camera don't have any software firewall running to warn the user.. While that might be true for your OS.. That is not what the OP was complaining about..

 

As to the comments about IPv6.. Not sure what crappy soho router your using, but my router/firewall blocks IPv6 unless I open it.  So I have some stuff open - ie I serve up ntp to ntp pool via ipv6, you can ping my ipv6 devices.. Other than nat there is no inbound unsolicited traffic allowed into any of my ipv6 addresses..

 

As to your phone..Looking on my phone when its not on wifi it has no IPv4 address that I can see.. It has many link-local addresses, and also has many global ipv6 addresses 2607:fb90...  Owned by T-mobile.  Doesn't mean they are open to the whole planet..  I tried pinging them, scanning them - nothing shows open.  What exactly should be listening on your phone for unsolicited traffic?  I am quite sure t-mobile doesn't just allow their phones unfiltered to the internet.  I find that highly unlikely for any cell carrier..

 

I agree UPnP has uses for users that don't know any better.  All I am saying is it should not be on by default without some controls.  You can enable it in pfsense for example - but I can also put controls in place on it, ie what ports an IP can open, and that it can only open those ports to itself, etc.  So for example when my son was here, I had his Playstation isolated on its own network.. Couldn't talk to my other networks, and I did enable UPnP for it..  But only it, and pfsense has an interface that you can look to see what is open, what opened it.  And you can log what was requested, what has been opened, etc..  The protocol can be useful, but default on with any any sort of setting - yeah BAD idea!!!

 

[+InsaneNutter MVC]

16 hours ago, LittleFroggy said:

Insane, Do the UK internet providers offer routers with their service? reason I ask is, each month, Charter here charges me a small amount $20 or $25. But when my router messed up, they GAVE me a brand new one.

 

or do the UK providers have customers buy their own?

You get a modem / router combo with most ISP's these days, generally there awful though. However you can usually put them in modem mode and use your own hardware.

[BinaryData]

9 hours ago, InsaneNutter said:

You get a modem / router combo with most ISP's these days, generally there awful though. However you can usually put them in modem mode and use your own hardware.

My ISP is one of the few that doesn't give you a router. They also require a bit more information than the average ISP. I've got to register my MAC Address with them, then my IP is bound to my MAC. I have to go online to change it if I need too. Though, the thing they don't allow certain hardware, i.e. Juniper Firewalls, and Enterprise class gear. I'm not vastly knowledge on Networking, but apparently someone looped the network when they plugged their Cisco Router in, I think it was an ASA or ASR.

 

22 hours ago, Joe User said:

Well, actually I did specifically say from sbcglobal but that's nitpicking.

 

Either way. You have to balance usability with cost, speed, security and reliability. 

 

Throwing up extra blocks only makes people do stupid things, like disabling the firewall or opening up things they shouldn't.

 

Home network security needs to be easy to enable and not too difficult to scale down slightly when needed. It needs to be in your face during setup and quietly working after.

 

This camera setup sounds like a disaster and companies like that need to be called out on it. They need to be held liable if they are reckless with security.

 

Is UPnP perfect? Heck no. I would never use it in a secure work environment.

 

Is it good enough for average home use? Yes, with some caveats.

 

I'm done arguing this point since I'm just repeating myself now.

You're forgetting something major here. Most "average users" don't ever need to forward ports. So your whole argument of having UPnP Enabled my default is kaput. Our Senior Network Engineer, who just left Cisco, said that UPnP should be removed permanently from SOHO gear. It's cause a lot of issues in the past. You're handing people devices with UPnP Enabled who have very little knowledge of Security, hell my neighbor never changed her router password, camera passwords, etc. I was using her printer from my house. She's one of your "Average" users. She had no idea that I was able to rotate her camera and disable it. So again, why the hell do you think this is a good idea?

 

What companies need to do is have;

 

1. Better Support.

2. Explain things in a logical and easy to understand manner, without making the customer feel stupid (I do this often, thus why I don't do CSR)

3. IDIOT proof it.

 

Shark007 Codec installation specifically asks you "Hey, do you use XBOXs to stream media from your PC? Yes/No", it'll configure your settings for you depending on what answer you give. Routers should be the same way, when you set them up, it should REQUIRE you to login before being able to enable the internet. No internet until it's configured. Believe me, this is by far better than enabling UPnP. I see how "special" my brothers generation is, and my god it freaking scares me.

 

The other practice that needs to be stopped is using a customers name and ph # as their WiFi Password. For one, that's easily forced with a bruteforce attack, and their aren't any time outs or enter chances. I'm not trying to fight, but I disagree with your "reasons" and "logic" simply because I deal a lot with those "average" users. My mom pimps my skills and cell phone # out like it's going out of style. I have about 40 different login credentials for different networks, one I've been managing for 5+ years now. With LOTS of trial and error, I've upgraded them from daisy chained AC Routers to Ubiquiti APs, and a proper router/switch. Though, I still suck with FW Rules.

 

@BudMan With pfSense can I enable UPnP for a specific VLAN only, or will it open it for everything? (I'm curious, don't think I'm going to do it!)

[+InsaneNutter MVC]

2 hours ago, BinaryData said:

You're forgetting something major here. Most "average users" don't ever need to forward ports. So your whole argument of having UPnP Enabled my default is kaput. Our Senior Network Engineer, who just left Cisco, said that UPnP should be removed permanently from SOHO gear. It's cause a lot of issues in the past. You're handing people devices with UPnP Enabled who have very little knowledge of Security, hell my neighbor never changed her router password, camera passwords, etc. I was using her printer from my house. She's one of your "Average" users. She had no idea that I was able to rotate her camera and disable it. So again, why the hell do you think this is a good idea?

It's a catch 22 situation, the people your talking about also buy a PC and have administrator access to it. That PC is then shortly full of malicious software,

 

For example your "average" person who buys a game console for themselves or their kids needs upnp for Xbox Live, it's the only way to get a open connection with two or more Xbox's on the same network. You can forward port 3074, then when the second Xbox can't get that port it will open a random one via upnp. Unless anything has changed you can't manually define a port for Xbox Live to use if you wish to get an open connection on multiple consoles.

 

So i guess you could argue software needs to improve but people need educating too. Unless its a simple as your router saying you have an Xbox, PS4 and Wii U on your network, do you want me to give these consoles static IP's and open the required pots people are going to have trouble. Upnp is the lazy solution to that.

 

Unless basic computer / internet security gets taught in school most people are never going to understand it, or really have any desire to learn sadly.

 

I do however think the OnHub from Google might well be the first step to addressing the above though for people who just want to plug something in and have it work.

[adrynalyne]

10 minutes ago, InsaneNutter said:

It's a catch 22 situation, the people your talking about also buy a PC and have administrator access to it. That PC is then shortly full of malicious software,

 

For example your "average" person who buys a game console for themselves or their kids needs upnp for Xbox Live, it's the only way to get a open connection with two or more Xbox's on the same network. You can forward port 3074, then when the second Xbox can't get that port it will open a random one via upnp. Unless anything has changed you can't manually define a port for Xbox Live to use if you wish to get an open connection on multiple consoles.

 

So i guess you could argue software needs to improve but people need educating too. Unless its a simple as your router saying you have an Xbox, PS4 and Wii U on your network, do you want me to give these consoles static IP's and open the required pots people are going to have trouble. Upnp is the lazy solution to that.

 

Unless basic computer / internet security gets taught in school most people are never going to understand it, or really have any desire to learn sadly.

 

I do however think the OnHub from Google might well be the first step to addressing the above though for people who just want to plug something in and have it work.

Isn't OnHub dead?

[BinaryData]

16 minutes ago, InsaneNutter said:

It's a catch 22 situation, the people your talking about also buy a PC and have administrator access to it. That PC is then shortly full of malicious software,

 

For example your "average" person who buys a game console for themselves or their kids needs upnp for Xbox Live, it's the only way to get a open connection with two or more Xbox's on the same network. You can forward port 3074, then when the second Xbox can't get that port it will open a random one via upnp. Unless anything has changed you can't manually define a port for Xbox Live to use if you wish to get an open connection on multiple consoles.

 

So i guess you could argue software needs to improve but people need educating too. Unless its a simple as your router saying you have an Xbox, PS4 and Wii U on your network, do you want me to give these consoles static IP's and open the required pots people are going to have trouble. Upnp is the lazy solution to that.

 

Unless basic computer / internet security gets taught in school most people are never going to understand it, or really have any desire to learn sadly.

 

I do however think the OnHub from Google might well be the first step to addressing the above though for people who just want to plug something in and have it work.

Strange because I've opened the ports for the XBOX Network and forwarded them to a specific IP. My brother can host games, and connect to others parties. His best friend recently came over and was hosting parties without having ports forwarded. Believe me, UPnP was NOT enabled. The XBOX network has multiple ports that can be connected to, if one is busy, another can be used. The only time I've had issues is when we have LAN Parties, at that point I have to do some wonky stuff.

 

Opening up a port to the XBOX Live Servers doesn't always increase your connectivity, or your ability to host games. NAT is the biggest issue WITH hosting games. My ISP gives me a bulk set of IP Addresses, I pay a bit extra for them but it's well worth it.