Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Port 8081 ; IDS or DNSBL

    Scheduled Pinned Locked Moved Off-Topic & Non-Support Discussion
    8 Posts 5 Posters 1.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      Tleary
      last edited by Tleary

      I scanned my external IP. I came back with port 8081 open labeled blackice-icecap. Some resources online mention this for IDS. I do have packet capture running on my pfsense. Is this related to that?

      1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator
        last edited by

        There are NO ports open with pfsense out of the box. Do you have something in front of pfsense? Did you create any rule son your WAN? Are you using a VPN?

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        1 Reply Last reply Reply Quote 0
        • T
          Tleary
          last edited by

          The port was not open out of the box. The port 8081 is open and I believe it is because snort is enabled.

          1 Reply Last reply Reply Quote 0
          • DerelictD
            Derelict LAYER 8 Netgate
            last edited by

            Snort does not open ports.

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

            1 Reply Last reply Reply Quote 1
            • K
              kpa
              last edited by

              You make no mention of how you scanned your external address. If you do the scan from your inside network you're going to bogus results, you need to run the scan from a network that is actually on the outside of your firewall/router.

              1 Reply Last reply Reply Quote 0
              • T
                TheNarc
                last edited by TheNarc

                pfBlockerNG's DNSBL component listens on port 8081 on a virtual IP, but only on a LAN interface by default. If you run pfBlockerNG though, it may be worth checking this setting (Firewall > pfBlockerNG > DNSBL > Listening Interface).

                1 Reply Last reply Reply Quote 1
                • T
                  Tleary
                  last edited by

                  That sounds right Narc. I have that running.
                  I scanned my external IP from two separate cellular data connections. Used Nmap and the mobile app Fing; which had labeled it as IceCap.

                  1 Reply Last reply Reply Quote 0
                  • johnpozJ
                    johnpoz LAYER 8 Global Moderator
                    last edited by

                    You can listen on 1000's of ports if you want on pfsense, you can forward 100's of them... Doesn't matter if your wan rules do not allow for the traffic then they would not be open from outside.

                    An intelligent man is sometimes forced to be drunk to spend time with his fools
                    If you get confused: Listen to the Music Play
                    Please don't Chat/PM me for help, unless mod related
                    SG-4860 24.11 | Lab VMs 2.8, 24.11

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.