| Blocking Port 22
Hi, I recently got Bell Fibe TV and their High Speed Fibe 15 Internet and I ran a GRC scan and that port is listed as closed but accepting packets.
How do I stealth it?
I have Windows 7 Ultimate, NIS 2013 and a Bell connection hub for Fibe TV and Internet. |
|
 | 22 is SSH. It may be your perception of the situation is a little upside down. 22 might be responding because it's the only port that GRC scans that your ISP doesn't instantly drop the traffic on the ground. -- Scott Brown Consulting |
|
 | So, I should ignore it or find a way to turn it off? |
|
 | You should poke around the web interface that lets you administer your gateway device, to the extent that you're allowed access. You want to know what's going on in there anyway. But it's unlikely you can effect the change you have in mind. My assessment on limited information is these are routing rules in your ISP's scope, not in your control. |
|
 | reply to Furious1964 Which of the GRC scan types did you do, "Common Ports"? |
|
 | Yes, common ports. |
|
 | Nothing to lose sleep over anyway. The Chinese army guys are looking for OPEN port 22's, rich targets. They can't mess with you through your gateway just showing that closed port. It just says you're there on the network segment. |
|
 | Figured I couldn't do a thing as I looked at all the settings and nothing. Guessing it's something Bell wants to keep visible so they can troubleshoot problems later. |
|
 | That's probably what it is yes. A backdoor they can enable temporarily via the line, to ssh into the gateway/router and change settings. When I portscan myself here 22 is stealthed along with everything else in GRC's "Common Ports" list.
It's not ideal but it's really no big deal, with no service behind it. Some ISPs have been known to ship CPE devices with much, much worse, abjectly insecure WAN facing configurations. |
|
 | reply to Furious1964 I'd be more worried if you did have something listening on port 22 without your knowledge. Make sure neither your Fibe device nor any of your computers has 22 in LISTEN status -- netstat -a is a really good friend for any computers at home.
Regards |
|
 | How do I tell if port 22 is being used with that? |
|
 | Check any admin pages on the Fibe device --- if Bell allows you access. I really CAN'T see a reason why an ISP'd need remote access to this; they're not selling a managed device service here...
Regards |
|
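An added example, not part of any post in the thread: one way to answer "is port 22 being used?" from `netstat -an` output is to keep only TCP rows whose state is LISTEN/LISTENING and read the port from the local address. The sample outputs and the function names `listening_tcp` and `listeners_on` are constructed for illustration.

```python
# Constructed `netstat -an` samples (not from the thread): Windows, then Linux layout.
WINDOWS_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.2.10:49201     203.0.113.7:22         ESTABLISHED
  TCP    [::]:135               [::]:0                 LISTENING
  UDP    0.0.0.0:5355           *:*
"""
LINUX_SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
"""


def listening_tcp(netstat_text):
    """Return sorted (local_address, port) pairs for TCP sockets in a listening state."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].lower().startswith("tcp"):
            continue  # headers, blank lines, UDP rows
        if fields[-1].upper() not in ("LISTEN", "LISTENING"):
            continue  # e.g. ESTABLISHED: an existing connection, not a listener
        # The local address is the first column containing ':' (Linux has two
        # numeric queue columns before it, Windows has none).
        local = next((f for f in fields[1:] if ":" in f), None)
        if local is None:
            continue
        addr, _, port = local.rpartition(":")
        if port.isdigit():
            found.add((addr, int(port)))
    return sorted(found)


def listeners_on(netstat_text, port):
    """Local addresses on which something is listening on the given TCP port."""
    return [addr for addr, p in listening_tcp(netstat_text) if p == port]


if __name__ == "__main__":
    for name, text in (("windows", WINDOWS_SAMPLE), ("linux", LINUX_SAMPLE)):
        print(name, "port 22 listeners:", listeners_on(text, 22) or "none")
```

In the Windows sample the only row mentioning 22 is an outbound ESTABLISHED connection to a remote port 22, which is not a local listener; the Linux sample has a listener on both IPv4 and IPv6.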
 | reply to Furious1964 If 22 were backed by a listener the GRC scan would have shown it "open". |
|
 Woody79_00, Premium, join: 2004-07-08 | reply to Furious1964 Personally, as long as the port is closed and you have no services listening on that port, then it's nothing to worry about.
IMO stealth is just a marketing hype. A system with closed ports is just as secure as one that is stealth. The only difference being a closed port tells a scanner "I'm closed, go away".
I have my router set to respond to pings, and my ports all show closed. I find I get much less internet noise on my gateway. Zombies and scanners scan my ports, get returned with message "port closed" and they move on and leave me alone.
Besides, NMAP, a freely available tool, is more than capable of scanning a stealthed system for open or closed ports and reporting if those ports are open or filtered. So since NMAP can do this, how exactly is stealthed helping you any?
Just for a little history lesson, but the Code Red worm HAMMERED stealthed systems but systems with ports closed just got scanned once, if no open ports were found, it just moved on...with stealth systems it hammered them with scan requests that put a great load on the systems themselves.
Here is a great lengthy debate on this issue of closed vs stealthed here
»Closed vs Stealthed Ports
IMO stealth is nothing more than marketing hype
For even more fun, read up on Blake's ElCheapo Router Challenge
»El Cheapo Router Challenge
Even if you respond to pings and show closed ports, good luck getting into your system unless you have a service actively listening on the port in question.
Again, just my 2 cents. |
|
 NormanS, Premium, MVM, join: 2001-02-14, San Jose, CA | said by Woody79_00: "Personally, as long as the port is closed and you have no services listening on that port, then it's nothing to worry about."
By definition, a closed port means there are no "listening" services. If there is a listening service, a port scan will list the service associated port as, "Open".
-- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum |
|
 Woody79_00, Premium, join: 2004-07-08 | said by NormanS: "said by Woody79_00: 'Personally, as long as the port is closed and you have no services listening on that port, then it's nothing to worry about.' By definition, a closed port means there are no "listening" services. If there is a listening service, a port scan will list the service associated port as, "Open"."
Exactly! |
|
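An added example, not part of any post in the thread: the three results discussed above map onto what a single TCP connect attempt sees, which is useful for checking your own gateway or hosts. The function names `port_state` and `loopback_demo` are constructed for illustration, and the demo uses only loopback sockets it creates itself.

```python
import socket


def port_state(host, port, timeout=2.0):
    """Classify one TCP port from a single connect attempt."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"             # handshake completed: a service is listening
    except ConnectionRefusedError:
        return "closed"           # host answered with a reset: reachable, no listener
    except socket.timeout:
        return "stealth"          # no answer at all: packets dropped ("filtered")
    except OSError:
        return "unreachable"      # e.g. no route to host
    finally:
        s.close()


def loopback_demo():
    """Return the states of a listening port and a non-listening port on 127.0.0.1."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))   # OS picks a free port
    listener.listen(1)
    # Bound but never listen()ed: the port is reserved for this test, yet no
    # service accepts connections on it, so the OS refuses the connect.
    bound_only = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    bound_only.bind(("127.0.0.1", 0))
    try:
        return (port_state("127.0.0.1", listener.getsockname()[1]),
                port_state("127.0.0.1", bound_only.getsockname()[1]))
    finally:
        listener.close()
        bound_only.close()


if __name__ == "__main__":
    print(loopback_demo())
```

A "stealth" result cannot be produced on loopback without a firewall rule that drops packets, so the demo covers only the open and closed cases.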