dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
73
share rss forum feed


NormanS
I gave her time to steal my mind away
Premium,MVM
join:2001-02-14
San Jose, CA
kudos:12
Reviews:
·SONIC.NET
·Pacific Bell - SBC

1 edit
reply to lanwarrior

Re: 2Wire 3801HGV - ports open (even when I didn't open it)

said by lanwarrior:

However, if my testing is correct, it seems that the 2WIRE router is opening up all the above ports to the Internet.

Port 3479 shows up in an Internet search as registered by AT&T for their U-verse modems.

Nice! Pace bought 2Wire, and my ISP issued me a Pace 4111N-030 residential gateway. Guess which port is open!
quote:
----------------------------------------------------------------------

GRC Port Authority Report created on UTC: 2012-12-04 at 09:02:57

Results from scan of ports: 3470-3490

1 Ports Open
0 Ports Closed
20 Ports Stealth
---------------------
21 Ports Tested

NO PORTS were found to be CLOSED.

The port found to be OPEN was: 3479

Other than what is listed above, all ports are STEALTH.

TruStealth: FAILED - NOT all tested ports were STEALTH,
- NO unsolicited packets were received,
- A PING REPLY (ICMP Echo) WAS RECEIVED.

----------------------------------------------------------------------

I don't have AT&T service; it is Sonic.net, LLC "Fusion" service. The GRC Shields Up! graphic lists port 3479 as, "2Wire RPC".

Port 3479 is NOT listed as listening when I run 'netstat -an' at a command prompt. So you can see my Pace 4111N modem from the Internet, though I have no clue how secure it is; but you can't reach the equipment on the LAN.

I expect it is used for remote configuration of the modem. Without access to the lowest OS layer in the RG, I see no way to "stealth" this port.

FWIW, none of your other enumerated 2Wire open ports tested open on my Pace. Below 1030, and 1720, 5000:
quote:
----------------------------------------------------------------------

GRC Port Authority Report created on UTC: 2012-12-04 at 09:16:00

Results from scan of ports: 0, 21-23, 25, 79, 80, 110, 113,
119, 135, 139, 143, 389, 443, 445,
1002, 1024-1030, 1720, 5000

0 Ports Open
0 Ports Closed
26 Ports Stealth
---------------------
26 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: FAILED - ALL tested ports were STEALTH,
- NO unsolicited packets were received,
- A PING REPLY (ICMP Echo) WAS RECEIVED.

----------------------------------------------------------------------

Port 8080:
quote:
----------------------------------------------------------------------

GRC Port Authority Report created on UTC: 2012-12-04 at 09:16:53

Results from scan of ports: 8070-8090

0 Ports Open
0 Ports Closed
21 Ports Stealth
---------------------
21 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: FAILED - ALL tested ports were STEALTH,
- NO unsolicited packets were received,
- A PING REPLY (ICMP Echo) WAS RECEIVED.

----------------------------------------------------------------------

Maybe AT&T is doing something with proxies, or maybe there are multiple issues with your hardware.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum

lanwarrior

join:2007-08-09
Los Angeles, CA
Try to run the test using nmap or any other open source tool. Make sure you use SYN TCP scan.