Port 8081 ; IDS or DNSBL
-
I scanned my external IP. I came back with port 8081 open labeled blackice-icecap. Some resources online mention this for IDS. I do have packet capture running on my pfsense. Is this related to that?
-
There are NO ports open with pfsense out of the box. Do you have something in front of pfsense? Did you create any rule son your WAN? Are you using a VPN?
-
The port was not open out of the box. The port 8081 is open and I believe it is because snort is enabled.
-
Snort does not open ports.
-
You make no mention of how you scanned your external address. If you do the scan from your inside network you're going to bogus results, you need to run the scan from a network that is actually on the outside of your firewall/router.
-
pfBlockerNG's DNSBL component listens on port 8081 on a virtual IP, but only on a LAN interface by default. If you run pfBlockerNG though, it may be worth checking this setting (Firewall > pfBlockerNG > DNSBL > Listening Interface).
-
That sounds right Narc. I have that running.
I scanned my external IP from two separate cellular data connections. Used Nmap and the mobile app Fing; which had labeled it as IceCap.
-
You can listen on 1000's of ports if you want on pfsense, you can forward 100's of them... Doesn't matter if your wan rules do not allow for the traffic then they would not be open from outside.
