NOTE: This post (and countless others, no doubt) obviously concerns both "connectivity" as well as "modem/router". Yet, I found myself unable to tick both categories and therefore reluctantly chose "none".Hello again,
Ever since first setting it up last month, I've been experiencing some odd behavior with my Verizon DSL connection.
First, I see
continuous, non-stop, low-level network activity (in both directions) that I cannot account for.
Below is the output from the
netstat and
ifconfig commands I ran right after booting into Ubuntu (GNU/Linux).
netstat output at boot:
caveat@ubuntu:~$ sudo netstat -anp | grep -e tcp -e udp
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1277/cupsd
tcp 1 0 192.168.1.36:53883 23.67.243.18:80 CLOSE_WAIT 1760/clock-applet
tcp6 0 0 ::1:631 :::* LISTEN 1277/cupsd
udp 0 0 0.0.0.0:68 0.0.0.0:* 1460/dhclient
caveat@ubuntu:~$
Output of
ifconfig at boot:
eth1 Link encap:Ethernet HWaddr [I redacted what appeared here because I wasn't sure whether posting it could compromise my privacy or security in some way]
inet addr:192.168.1.[xx] Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: [redacted] Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:81 errors:0 dropped:0 overruns:0 frame:0
TX packets: 27 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes: 14460 (14.4 KB) TX bytes: 2957 (2.9 KB)
Interrupt:18
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::[redacted] Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:12 errors:0 dropped:0 overruns:0 frame:0
TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:720 (720.0 B) TX bytes:720 (720.0 B)
And now the ifconfig output after ten-fifteen minutes of being completely idle as far as I could tell (had only the terminal and
gedit text-editor open. Notice the additional traffic in both directions: (
lo remained the same each time, so I didn't bother copying the output)
eth1 Link encap:Ethernet HWaddr [redacted]
inet addr:192.168.1.[xx] Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: [redacted] Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets: 790 errors:0 dropped:0 overruns:0 frame:0
TX packets: 131 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes: 59842 (59.8 KB) TX bytes: 9619 (9.6 KB)
Interrupt:18
Just a few minutes later, a little more traffic still:
eth1 Link encap:Ethernet HWaddr [redacted]
inet addr:192.168.1.[x] Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: [redacted] Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets: 1126 errors:0 dropped:0 overruns:0 frame:0
TX packets: 180 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes: 81346 (81.3 KB) TX bytes: 12755 (12.7 KB)
Interrupt:18
The "Network Monitoring" app in PCLinuxOS* also showed continuous low-level network activity in both directions-- even when the same netstat command did not show
any services listening on
any ports.
(*PCLOS had been my primary distro up until today and the one I first set-up the new Verizon DSL connection with)
My router (provided by Verizon) is the Westell 7500 ( Model: A90-750015-07, Rev:Z, Made in China 06/2011) and I have not set up any wireless at all yet, so this is with just the standard ethernet connection.
The green
E1 light on the router continuously blinks slowly-- maybe once, sometimes twice per second. The
"Internet" light seems somewhat erratic; I monitored it fairly closely today while waiting to get the
ifconfig output that I posted above (with nothing open other than a terminal and a text editor), and did not notice it blink at all during that short period. However, I'm pretty sure that there were many times in the past when despite being completely idle as far as I could see, I noticed the "Internet" light blinking.
Another thing that has me completely baffled:
I have run many port scans at the GRC "Shield's Up!" site-- some with my software firewall
and my router firewall both
enabled, some with both of them
disabled, and others with various combinations of each... And I always get the
same result regardless. This is true not only for the two GNU/Linux
installations that I have now used this router/DSL account with (PCLinuxOS and now Ubuntu) but also for all of the several other distros that I have tried running
live during this time.
In contrast, when I used dialup, my port scan results would vary quite distinctly depending upon the status and settings of my software firewall as well as the ISP I was using.
This is what I get from GRC (every time):
said by GRC Shield's Up! :Results from scan of ports: 0-1055
0 Ports Open
3 Ports Closed
1053 Ports Stealth
---------------------
1056 Ports Tested
NO PORTS were found to be OPEN.
Ports found to be CLOSED were: 20, 21, 500
Other than what is listed above, all ports are STEALTH.
TruStealth: FAILED - NOT all tested ports were STEALTH,
- NO unsolicited packets were received,
- A PING REPLY (ICMP Echo) WAS RECEIVED.
I'm not worried about the results
themselves (Seems like most of those who really know security don't consider "stealth" necessary-- or even ideal in all circumstances). What concerns me is what I already described above: How could I possibly get the exact same results regardless of my both
router firewall settings as well as my
OS/software firewall/port settings?!
At the same time, I know that changing the setting of the Westell firewall through the GUI at »
192.168.1.1 actually does make a difference in what traffic can get through...Only after doing just that was I was finally able to connect to a key server to import a
GPG signing key...
So, to summarize, my two basic questions are:
1.) Why do I have constant network activity even when completely idle?
and
2.) Why is there
never any variation in the results of my port scans-- whether I have both my router
and and software firewalls at the max settings, or have
neither of them enabled at all, the port scan results show no difference whatsoever.
I thank everyone who took the time to read this and for any help that anyone may be able to offer in solving this mystery to me.