Open port 7547?
-
Hi all,
ISP has router in bridge mode.
I closed all ports on the WAN during the test but When I check the port 7547 of the outsize, it is open.How is that possible, or am I something that I do not understand?
Thanks for help. -
@WhoAmI68
I don't expect any port to be open, apart from which you explicitly forwarded to a host behind or that ones used by pfSense itself.To find out, if it's used by pfSense run
sockstat | grep .7547 -
@viragomann
I only use the command prompt, so the output is null.
login-to-viewAnyway, scan from the outside
login-to-view -
@WhoAmI68
Get sure, that the test even tries to access this port on your WAN.Use packet capture to sniff the traffic on WAN, while you run the test.
-
Could be the ISP device. Does pfSense actually have a public IP on it's WAN?
-
This post is deleted! -
@viragomann It is a very interesting thing about Sniff :).
Nmap from different networks will be null and Captive portal the same
login-to-viewPf logs is zero but When I use dnschecker.org or ipfingerprints.com, the result is as follows
login-to-view -
@stephenw10 said in Open port 7547?:
Does pfSense actually have a public IP on it's WAN?
Yes, pfsense have a public IP on WAN :).
-
@viragomann Correction: Nmap scan is dropped by Suricata.
log: 10/29/2024 17:11:37 GPL SCAN PING NMAP
-
Assuming your WAN actually has a public IP then it looks like something upstream is redirecting traffic on that port.
-
@stephenw10 exactly 7547 is the TR-069 service.
"is a bidirectional SOAP/HTTP-based protocol that provides communication between CPE devices and auto-configuration servers (ACS)."
Would seem quite possible that the isp device, ie the CPE is using this.