
  • Tasks for the weekend – October 16, 2021 – what ports are open?


    #2396272

    Youtube video here One of the ways a home user can see if you are vulnerable for external attacks – especially if you have devices that allow for remo
    [See the full post at: Tasks for the weekend – October 16, 2021 – what ports are open?]

    Susan Bradley Patch Lady

    • #2396277

      Uhhh…why does clicking on that take me to a “browser reload suppressed” page at GRC?

      That page complains and tells me to press my back button on the browser, but, of course, I cannot do that as I did not get to the page from somewhere within the GRC site but directly from the link in your post here.

      (I don’t need to check as I know all ports GRC checks are closed but someone new to all this might get very confused with a bad link like that one).

      1 user thanked author for this post.
      • #2396287

        That’s the same thing that happened to me… Is Susan subtly checking that we do actually hover over link to check where the URL will take us before clicking? 😉 You know, the good old “I wanted to see if you are paying attention“. 😅

        Anyway, the good part is that all tested ports turned out to be “stealth” here and the UPnP Exposure Test did not reveal anything strange.

        • #2396320

          No, more like I forgot that the GRC site doesn’t allow direct URLs and you have to go to the home location and scroll.

          Susan Bradley Patch Lady

          • #2396336

            I believe this link will take you directly to GRC’s ShieldsUp!

            Win7 - PRO & Ultimate, x64 & x86
            Win8.1 - PRO, x64 & x86
            Groups A, B & ABS

      • #2396283

        Try https://www.grc.com/default.htm and scroll down to the 2nd tool in the list:

        NEW SHIELDS UP! TEST: UPnP Exposure Test!

        Go to ShieldsUP! and click GRC’s “Instant UPnP Exposure Test”.

    • #2396280

      All ports are “stealth” on my 21H1 laptop.

      • #2396551

        No, they are not. GRC tests your router, not your computer.

        Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com

        2 users thanked author for this post.
    • #2396297

      Your system has achieved a perfect “TruStealth” rating.

      I routinely check with this site every couple of months.

      Create a fresh drive image before making system changes/Windows updates, in case you need to start over!
      "When you're troubleshooting, start with the simple and proceed to the complex."—M.O. Johns
      "Experience is what you get when you're looking for something else."—Sir Thomas Robert Deware

      • #2396392

        Not quite as good based on https://www.grc.com/shieldsup. Not sure what is causing the only blue box I have:

        443 HTTPS Closed Your computer has responded that this port exists but is currently closed to connections.

        Could it be one of the Firefox or Chrome browsers? I haven’t tweaked the default firewall settings. Looking I see a lot of apps are allowed through including Cortana and Start! Possibly for web search? I wonder just how many I can really block before something breaks…

        Also I get:

        Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet.

        So why isn’t port #7 complained as non-stealth?

        HP Compaq 6000 Pro SFF PC / Windows 10 Pro / 21H1
        Intel®Core™2 “Wolfdale” E8400 3.0 GHz / 8.00 GB
    • #2396321

      I can’t find how to post a new topic, so putting it here-
      Office365 platform being directly used to launch Conti ransomware-
      https://itwire.com/security/infosec-expert-beaumont-slams-microsoft-over-hosting-malware-for-years.html

    • #2396339

      Is there a way to scan all ports over 64,000 ports rather than just about 1000? Either at grc site or command prompt or some other way.

      • #2396351

        Though not as simple to use as an “online scanner”, the free & open source NMAP tool is a very robust network security scanner for both TCP & UDP and much more.

        This link describes the command used to scan all 65535 ports.

        It can be installed/used on most operating systems including Windows, Linux, FreeBSD, OpenBSD, Solaris, IRIX, Mac OS X, HP-UX, NetBSD, Sun OS, Amiga, and more.

        Win7 - PRO & Ultimate, x64 & x86
        Win8.1 - PRO, x64 & x86
        Groups A, B & ABS

    • #2396355

      Are there equivalent applications for Macs and for Linux? If so, which ones can be recommended?

      By the way: precisely what does it mean that a port is “stealthy”?

      Ex Windows user (Win. 98, XP, 7) since mid-2020. Now: running macOS Big Sur 11.6 & sometimes, Linux (Mint)

      MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
      Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
      Waterfox "Current" and (now and then) Chrome. also Intego AV and Malwarebytes for the Mac.

      • #2396376

        Each port is in one of three states:

        Open

        Closed

        Stealth-1

      • #2396388

        Apple Mac OS X | Nmap Network Scanning

        But as Paul says, this is scanning the edge of your network, so it’s looking at your ISP router/modem.

        Susan Bradley Patch Lady

        1 user thanked author for this post.
        • #2396548

          PaulK: So “I’m listening and will reply appropriately” is “stealth”?

          Does “appropriately” here also mean “and I might not give you even the hour; if so, then leave me alone”?

          Ex Windows user (Win. 98, XP, 7) since mid-2020. Now: running macOS Big Sur 11.6 & sometimes, Linux (Mint)

          MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
          Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
          Waterfox "Current" and (now and then) Chrome. also Intego AV and Malwarebytes for the Mac.

          • #2396929

            An open port responds to incoming data requests. By default, when you buy a router at a retailer, the router will have no open ports. Only a router/gateway from an ISP will ship with any open ports.

            A closed port responds to queries saying that it is closed.

            A port in STEALTH status never responds.

            Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com

            1 user thanked author for this post.
    • #2396356

      Just be aware that this only tests your network gateway device connected directly to the public network, such as your modem/router and its associated NAT firewall at the public IP address assigned by your ISP.

      If your PC is located behind a router on a private network, the Shields Up server cannot test your PC ports. They are already hidden from the public internet.

      1 user thanked author for this post.
    • #2396396

      Applicable to ALL Windows users.
      The ‘Instant UPnP Exposure Test’ only checks the router.
      Remember the Windows OS also has UPnP as well.
      Fortunately Steve Gibson offers a freeware UnPlug ‘n’ Pray utility to disable the Windows internal UPnP, which is on by default.
      (only 22kb in size and portable)

      https://www.grc.com/unpnp/unpnp.htm

      Why have something open, facing the ‘world wild web’, when it’s not required? It can easily be reversed should you ever need the service.

      | Quality over Quantity |
      5 users thanked author for this post.
      • #2396902

        How can I check my laptop to see if UNPNP is disabled?

    • #2396427

      Way back 22 years ago when I got my first computer, I worshiped Steve Gibson but I guess I have gotten a bit sloppy/forgetful as I have aged into elder-hood and it looks like I never used that little UPnP utility on this computer so it was ON…ugh. Off on the router but my router is rather old now and I might need, one day, to connect directly to the internet while I waited for a new router to arrive and what if I didn’t remember to check GRC and this sort of thing then?

      So, this just illustrates one of many good reasons why a site like this is so valuable. Mahalo! 🙂

      Edit: I think it a bit sad that Microsoft tried to scare me into not installing that little utility simply because it did not come from the Microsoft Store. I do have “warn me” when installing apps, etc from outside Microsoft Store checked but still…. 🙁

      • #2396554

        Do not put a Windows computer directly on the Internet. That is, do not connect it to a modem, always connect it to a router or gateway (combination modem and router). While there is a firewall in Windows it has as many holes as Swiss cheese.

        Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com

        1 user thanked author for this post.
    • #2396557

      Some thoughts on this:

      The UPnP Exposure test is very important as it is a HUGE security hole. Huge. UPnP was intended to be a LAN-only thing but some routers were so miserably configured that it was exposed to the Internet. This is the only such test, as far as I know. Even if UPnP is disabled in your router, you should still run this test.

      In terms of the status of ports, Shields Up is the best such tester as it is very clear on whether a port is Closed (bad) or Stealth (good). Nmap terminology requires a translator to understand. However, the list of tested ports is about 12 years old and has not been updated, so it is not nearly as useful as it could/should be. Gibson has moved on from ShieldsUP and not made any changes in, well, forever.

      The test of a thousand ports can yield a false positive as some routers detect the mass connections and shut down everything.

      There are more ways to test a router, both from the inside and the outside here

      https://www.routersecurity.org/testrouter.php

      There are just over 65,000 TCP ports. There are also just over 65,000 UDP ports. ShieldsUP does nothing for UDP ports.

      To be clear, this tests the firewall in a router or gateway (combination modem/router). It does not test a stand-alone modem. It will only test a computer if it is directly connected to a modem, which is a really bad idea.

      The one exception to the above is if the test is run from a computer that is connected to a VPN. In that case, ShieldsUP is testing the VPN server, not your router. Ditto for Tor.

      Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com

      2 users thanked author for this post.
      • #2396615

        I found GRC “Shields Up” to be handy back in the days when I was still using a dial-up modem and Win95/98. There was no way to avoid being directly connected to the internet using that modem. The public IP address was directly attached to the PC. And it was scannable from the public network. So if you left a port open, oops!

        So I always made sure to run a software firewall, and scan the ports to make sure I was stealth.

        Nowadays it is best to check that your router is securely locked down on the WAN side, and your devices on the private network LAN are getting their internal IP address from your router. Your internal network should be completely “stealth” by default as far as the public network can see.

        For further info on this topic, look up NAT (Network Address Translation), which is what your router is doing when it allows outbound/inbound WAN connections from your private IP address on the LAN.

    • #2396901

      I am currently in a rental property. Ran Shields Up and all the ports were closed. UNPNP is not on. But the ping test responded. What does this mean? Is there anything I can do about it?

      I checked with the landlord – they have the Xfinity router and config. He had changed the name of the router. I asked about the password, he wasn’t sure. I tried to logon with the default userid and password. It let me in 😮

      So I marched (ok, well I walked) downstairs and had him update the password – as soon as you logon with the default, the router said you need to change it, it wouldn’t let you proceed beyond that. I looked at all the devices on the network and it appears that they are all valid.
      There were two unnamed MAC addresses but one of them was Amazon and the other was the same as the router – the satellite device. But I haven’t connected my Windows computer yet because I’m a little leery. Can I safely connect the computer I will run Nord VPN.

      I tried to do a hotspot on my phone but Wi-Fi hotspot is greyed out. Turn Wi-Fi off and personal hotspot on iOS 14.something

      thanks Donna

    • #2396904

      One more question ; )

      Now mind you the attackers can still get you with browser attacks and phishing these days so I’d argue that this “direct attack” method is less likely to occur these days, but especially if you have older tech that relied on specific ports to be open, this is still a quick and dirty tool to use to check that your outside edge of your network is what you expect it to be.

      what is direct attack?

    • #2396912

      One more question ; )

      Now mind you the attackers can still get you with browser attacks and phishing these days so I’d argue that this “direct attack” method is less likely to occur these days, but especially if you have older tech that relied on specific ports to be open, this is still a quick and dirty tool to use to check that your outside edge of your network is what you expect it to be.

      what is direct attack?

      A “direct” attack on your computer should only be possible if you are directly connected to the public network using a public IP address, such as when you are running a web service.

      If your computer is not directly connected to the public network, then browser attacks and phishing are much more likely ways to get you than a direct attack.

      Here are some examples of attacks that can be carried out directly.

      https://www.cloudflare.com/learning/ddos/glossary/internet-control-message-protocol-icmp/

    • #2396932

      Failing the ping test at ShieldsUP is not a big big deal. It just means that your public IP address can be identified as live. Most every router/gateway has an option to turn this off, but the terminology will vary.

      Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com

      1 user thanked author for this post.
    • #2397286

      As I said previously, we are at a rental property for a few months. I ran Shields Up and some tests from https://www.routersecurity.org/testrouter.php using my iPad. They all were good. But the landlord had not changed the router default password, which I had him change immediately. Also, there is no guest network. I haven’t seen anything buggy on my iPad, which is on the network. I am using a VPN. I am reluctant to connect my laptop to the WiFi network.

      I can use my phone hotspot, but cellular data plan is only 6gb. $15 per gb if you go over. Upgrading will cost me $50 more per month. I will not need it when I go back home, however, I don’t think 6gb will be enough. I suppose I could use cellular data, $50 more per month would give me 9gb as opposed to permanently paying $50/month more.

      If I run NordVPN on my Dell laptop using the router at this rental property, would that be ok? Or should I stick to using cellular hotspot? Thanks

      • #2397572

        Put your own router in between perhaps. The way I see it you are on a public wifi network. I always used my own router whilst attending class with a living facility with wifi. The locals are not IT pros, just hotel staff, with hundreds of techie guys/gals at the facility from all over, who is to trust??

        🍻

        Just because you don't know where you are going doesn't mean any road will get you there.
        • #2397574

          Thanks, I thought of that but I don’t know how to attach my router. The primary router is in the landlord’s apartment. How do you connect to the WiFi? I don’t see a port for a cable in the apartment.
