Doom port 666 open on pfsense?



  • Hi everyone,

    I nmapped my pfsense box for the first time today via WAN, and this came up:

    PORT    STATE SERVICE
    22/tcp  open  ssh
    53/tcp  open  domain
    80/tcp  open  http
    443/tcp open  https
    666/tcp open  doom <–------------ :-\

    tcp port 666 (reference to the video game "doom") is opened ?
    That port is also used by many trojans...so I've read?



  • All WAN side ports on pfSense default as closed. Or actually wont respond to connection attempts. If you are seeing different you either have opened the port(s), or have a device upstream that is actually listening and responding.  Do you have upnp activated on your box?

    Go over to grc.com and do the tests from there and see if they agree with your other findings.



  • Device upstream was a strong assumption, and most likely what happened, but I wanted to clarify the 666 port question too.

    Thank you



  • Almost certainly upstream of you, or wrong. You'd have to configure something on port 666, or a port forward, for that to be the case. Nothing in the system will bind to 666, though a variety of services can be configured on any port you want.



  • Are you using UPnP or NAT-PMP?



  • @Nullity:

    Are you using UPnP or NAT-PMP?

    Some of my devices might have used upnp.



  • @bluzz44:

    Some of my devices might have used upnp.

    Just because your devices use upnp does not mean the router will allow it unless you have activated it.  pfSense upnp is not allowed by default.


  • Rebel Alliance Developer Netgate

    It's probably a package like darkstat that you installed. It wouldn't be open to the WAN unless your WAN rules were overly permissive.


Log in to reply