Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Port 443 open

    Scheduled Pinned Locked Moved NAT
    24 Posts 3 Posters 5.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      grasshopper645
      last edited by

      Yes i have a public static IP address. Used the packet capture to capture 100 packets for port 443 only. Got 100 random address attempts to access it. lol maybe I will just leave it down. I'll go into the modem and assume that is what is keeping the port open..Cheers.

      1 Reply Last reply Reply Quote 0
      • G
        grasshopper645
        last edited by

        Confirmed modem is not allowing port 443, and added a block of port 443 to the firewall. Port is still open lol. Could my ISP be doing something?

        1 Reply Last reply Reply Quote 0
        • D
          doktornotor Banned
          last edited by

          Post a screenshot of WAN rules on pfSense.

          1 Reply Last reply Reply Quote 0
          • G
            grasshopper645
            last edited by

            Here are the wan rules..This is very strange. I am thinking of re-installing pfsense to see if that makes a difference?

            Capture.JPG
            Capture.JPG_thumb

            1 Reply Last reply Reply Quote 0
            • D
              doktornotor Banned
              last edited by

              That won't make any difference, plus definitely not convinced that 404 comes from pfSense. "The requested resource is not found" is either IIS or Tomcat error message. Not lighttpd. When you go to a non-existent page on pfSense GUI, you get plain "404 - Not Found".

              1 Reply Last reply Reply Quote 0
              • G
                grasshopper645
                last edited by

                I'll bypass pfsense with a standard home-based router tonight and see weather the port is still open. I agree with you - I doubt that message is coming from pfsense. I must admit I am a little concerned maybe the server has been compromised

                1 Reply Last reply Reply Quote 0
                • G
                  grasshopper645
                  last edited by

                  It's definitely pfsense keeping port 443 open. I have put the modem non-bridging mode and the port is closed. Could some glitch in pfsense be causing this? I'm at a loss as to what to do DX

                  1 Reply Last reply Reply Quote 0
                  • D
                    doktornotor Banned
                    last edited by

                    Already suggested to do a packet capture. Then there are firewall logs. As for hunting ghosts, no, no suggestions. Produce some information to work with. https://ip_ommited and a 404 that clearly does not come from pfSense is not useful. Did you enable some UPnP junk?

                    :(

                    1 Reply Last reply Reply Quote 0
                    • M
                      muswellhillbilly
                      last edited by

                      A thought: Just to double-check, where are you hitting 'ip omitted' from? Are you pointing to the ip address from a machine inside your network or from outside?

                      1 Reply Last reply Reply Quote 0
                      • G
                        grasshopper645
                        last edited by

                        @doktornotor:

                        Already suggested to do a packet capture. Then there are firewall logs. As for hunting ghosts, no, no suggestions. Produce some information to work with. https://ip_ommited and a 404 that clearly does not come from pfSense is not useful. Did you enable some UPnP junk?

                        :(

                        Yep you were correct!!!

                        I very much appreciate your persistance in replying, despite my ignorance/vague replies. You have saved me a lot of grief!!!

                        Capture.PNG
                        Capture.PNG_thumb

                        1 Reply Last reply Reply Quote 0
                        • G
                          grasshopper645
                          last edited by

                          @muswellhillbilly:

                          A thought: Just to double-check, where are you hitting 'ip omitted' from? Are you pointing to the ip address from a machine inside your network or from outside?

                          I manually wrote 'ip omitted' as i didnt want the public internet knowing what my IP address is. It was a public address for what its worth. Cheers.

                          1 Reply Last reply Reply Quote 0
                          • G
                            grasshopper645
                            last edited by

                            I understand if no one replies to this - (unrelated) but could someone please explain why Windows Media player requires https port forwarded? cheers.

                            1 Reply Last reply Reply Quote 0
                            • D
                              doktornotor Banned
                              last edited by

                              You need to ask MS. Please, disable or at least severely restrict the UPnP access, there are some examples in the GUI. Very dangerous without any restrictions.

                              1 Reply Last reply Reply Quote 0
                              • M
                                muswellhillbilly
                                last edited by

                                According to MS it's to do with performance: http://windows.microsoft.com/en-gb/windows7/stream-your-media-over-the-internet-using-windows-media-player. Though this is really a question for a different forum.

                                1 Reply Last reply Reply Quote 0
                                • D
                                  doktornotor Banned
                                  last edited by

                                  @muswellhillbilly:

                                  According to MS it's to do with performance: http://windows.microsoft.com/en-gb/windows7/stream-your-media-over-the-internet-using-windows-media-player.

                                  Ah of course, who gives a fuck about security, performance is much more important in the MS land; plus it's extremely excellent idea to steal standard HTTPS port for some media streaming junk.  :o ???

                                  1 Reply Last reply Reply Quote 0
                                  • M
                                    muswellhillbilly
                                    last edited by

                                    Before I found the article, I gamely wondered if MS might have been using 443 to encrypt the data. Hardy-har-har!

                                    1 Reply Last reply Reply Quote 0
                                    • G
                                      grasshopper645
                                      last edited by

                                      @doktornotor:

                                      @muswellhillbilly:

                                      According to MS it's to do with performance: http://windows.microsoft.com/en-gb/windows7/stream-your-media-over-the-internet-using-windows-media-player.

                                      Ah of course, who gives a fuck about security, performance is much more important in the MS land; plus it's extremely excellent idea to steal standard HTTPS port for some media streaming junk.  :o ???

                                      lol..so true!

                                      1 Reply Last reply Reply Quote 0
                                      • First post
                                        Last post
                                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.