Re: 2Wire 3801HGV - ports open (even when I didn't open it) - AT&T U-verse

Author	All Replies
lanwarrior join:2007-08-09 Los Angeles, CA	reply to Mangix Re: 2Wire 3801HGV - ports open (even when I didn't open it) Yes, the IP address is correct. I tried it twice: 1). Through »www.whatismyip.com/ 2). Using Dynamic DNS I did not port forwards or put anything on DMZ. I went to Settings --> Firewall --> Advanced Configuration --> "Stealth Mode" and verified this was ALREADY checked. The ports are open, according to NMAP: Discovered open port 80/tcp Discovered open port 25/tcp Discovered open port 110/tcp Discovered open port 21/tcp Discovered open port 443/tcp Discovered open port 8080/tcp Discovered open port 143/tcp Discovered open port 3479/tcp For testing, I unplug EVERYTHING from the 3801HGV and connect only the ASUS router. This ASUS router has been configured to block EVERYTHING. Then I configure the WAN IP address for the ASUS router and test it again as follow: I. ASUS router uses private IP address from 2WIRE DHCP (192.168.1.xxx) Run NMAP again (I was connected to the office via VPN, so all traffic are routed through there). The SAME IP addresses above are shown. II. ASUS router uses public IP address from 2WIRE From 2WIRE, go to Settings --> LAN --> IP Address allocation and for the ASUS router selected "Public (Select WAN IP mapping). The ASUS WAN port now have the public IP address (99.xxx.xxx.xxx). Run NMAP again, SAME IP addresses are shown. Any other test I should do to ensure the ports were NOT open on the 2Wire router? I am not a security expert, so other than NMAP port scanning from another network (not while connected to the U-Verse network), I am not sure what other test I can do. However, if my testing is correct, it seems that the 2WIRE router is opening up all the above ports to the Internet.
	to forum · permalink · 2012-12-04 01:09:31 ·
NormanS Premium,MVM join:2001-02-14 San Jose, CA kudos:9 Reviews: ·SONIC.NET ·Pacific Bell - SBC 1 edit	said by lanwarrior: However, if my testing is correct, it seems that the 2WIRE router is opening up all the above ports to the Internet. Port 3479 shows up in an Internet search as registered by AT&T for their U-verse modems. Nice! Pace bought 2Wire, and my ISP issued me a Pace 4111N-030 residential gateway. Guess which port is open! quote: ---------------------------------------------------------------------- GRC Port Authority Report created on UTC: 2012-12-04 at 09:02:57 Results from scan of ports: 3470-3490 1 Ports Open 0 Ports Closed 20 Ports Stealth --------------------- 21 Ports Tested NO PORTS were found to be CLOSED. The port found to be OPEN was: 3479 Other than what is listed above, all ports are STEALTH. TruStealth: FAILED - NOT all tested ports were STEALTH, - NO unsolicited packets were received, - A PING REPLY (ICMP Echo) WAS RECEIVED. ---------------------------------------------------------------------- I don't have AT&T service; it is Sonic.net, LLC "Fusion" service. The GRC Shields Up! graphic lists port 3479 as, "2Wire RPC". Port 3479 is NOT listed as listening when I run 'netstat -an' at a command prompt. So you can see my Pace 4111N modem from the Internet, though I have no clue how secure it is; but you can't reach the equipment on the LAN. I expect it is used for remote configuration of the modem. Without access to the lowest OS layer in the RG, I see no way to "stealth" this port. FWIW, none of your other enumerated 2Wire open ports tested open on my Pace. Below 1030, and 1720, 5000: quote: ---------------------------------------------------------------------- GRC Port Authority Report created on UTC: 2012-12-04 at 09:16:00 Results from scan of ports: 0, 21-23, 25, 79, 80, 110, 113, 119, 135, 139, 143, 389, 443, 445, 1002, 1024-1030, 1720, 5000 0 Ports Open 0 Ports Closed 26 Ports Stealth --------------------- 26 Ports Tested ALL PORTS tested were found to be: STEALTH. TruStealth: FAILED - ALL tested ports were STEALTH, - NO unsolicited packets were received, - A PING REPLY (ICMP Echo) WAS RECEIVED. ---------------------------------------------------------------------- Port 8080: quote: ---------------------------------------------------------------------- GRC Port Authority Report created on UTC: 2012-12-04 at 09:16:53 Results from scan of ports: 8070-8090 0 Ports Open 0 Ports Closed 21 Ports Stealth --------------------- 21 Ports Tested ALL PORTS tested were found to be: STEALTH. TruStealth: FAILED - ALL tested ports were STEALTH, - NO unsolicited packets were received, - A PING REPLY (ICMP Echo) WAS RECEIVED. ---------------------------------------------------------------------- Maybe AT&T is doing something with proxies, or maybe there are multiple issues with your hardware. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum
	to forum · permalink · 2012-12-04 04:25:02 ·

lanwarrior join:2007-08-09 Los Angeles, CA	Try to run the test using nmap or any other open source tool. Make sure you use SYN TCP scan.
	to forum · permalink · 2012-12-04 11:11:40 ·

US Telco Support > AT&T > AT&T U-verse > 2Wire 3801HGV - ports open (even when I didn't open it)

Re: 2Wire 3801HGV - ports open (even when I didn't open it)