Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    2.1 Failing the GRC firewall test

    General pfSense Questions
    13
    47
    9966
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F
      firewalluser last edited by

      2.1-RELEASE (amd64)
      built on Wed Sep 11 18:17:48 EDT 2013
      FreeBSD 8.3-RELEASE-p11

      Everything blocked on the WAN interface with the two default rules as well.

      Just ran the firewall test at GRC.com https://www.grc.com/x/ne.dll?bh0bkyd2 with an all service port scan and GRC is reporting

      Ports 0-63 = Stealth
      64-174 = Closed
      175-180 = Stealth
      181-191 = Closed
      192-255 = Stealth
      256-391 = Closed
      392-393 = Stealth
      394-415 = Closed
      416-479 = Stealth
      480-605 = Closed
      606-671 = Stealth
      672-794 = Closed
      795-863 = Stealth
      864-983 = Closed
      984-1055 = Stealth

      Previous versions of pfsense show up as all Stealth, so why is 2.1 failing the GRC scan like this?

      Edit: Sorry the Closed ports are actually reported as Open according to GRC.

      Capitalism, currently The World's best Entertainment Control System and YOU cant buy it! But you can buy this, or some of this or some of these

      Asch Conformity, mainly the blind leading the blind.

      1 Reply Last reply Reply Quote 0
      • F
        firewalluser last edited by

        Well I've just reinstalled from CD and still getting the same results on this pc.

        Any suggestion or anyone else see this, if not I'll start looking at the UEFI bios on this machine as this is also running slower compared to previous times I've been in the bios?

        Capitalism, currently The World's best Entertainment Control System and YOU cant buy it! But you can buy this, or some of this or some of these

        Asch Conformity, mainly the blind leading the blind.

        1 Reply Last reply Reply Quote 0
        • F
          firewalluser last edited by

          –--------------------------------------------------------------------

          GRC Port Authority Report created on UTC: 2013-11-21 at 20:48:58

          Results from scan of ports: 0-1055

          635 Ports Open
              0 Ports Closed
            421 Ports Stealth

          1056 Ports Tested

          NO PORTS were found to be CLOSED.

          Ports found to be STEALTH were: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,
                                          10, 11, 12, 13, 14, 15, 16,
                                          17, 18, 19, 20, 21, 22, 23,
                                          24, 25, 26, 27, 28, 29, 30,
                                          31, 32, 33, 34, 35, 36, 37,
                                          38, 39, 40, 41, 42, 43, 44,
                                          45, 46, 47, 48, 49, 50, 51,
                                          52, 53, 54, 55, 56, 57, 58,
                                          59, 60, 61, 62, 63, 192, 193,
                                          194, 195, 196, 197, 198, 199,
                                          200, 201, 202, 203, 204, 205,
                                          206, 207, 208, 209, 210, 211,
                                          212, 213, 214, 215, 224, 225,
                                          226, 227, 228, 229, 230, 231,
                                          232, 233, 234, 235, 236, 237,
                                          238, 239, 240, 241, 242, 243,
                                          244, 245, 246, 247, 248, 249,
                                          250, 251, 252, 253, 254, 255,
                                          256, 257, 258, 259, 260, 261,
                                          262, 263, 264, 265, 266, 267,
                                          268, 269, 270, 271, 331, 332,
                                          335, 343, 352, 353, 354, 355,
                                          356, 357, 358, 359, 360, 361,
                                          362, 363, 364, 365, 366, 367,
                                          368, 369, 370, 371, 372, 373,
                                          374, 375, 376, 377, 378, 379,
                                          380, 381, 382, 383, 384, 385,
                                          386, 387, 388, 389, 390, 391,
                                          392, 393, 394, 395, 396, 397,
                                          398, 399, 400, 401, 402, 403,
                                          404, 405, 406, 407, 408, 409,
                                          410, 411, 412, 413, 414, 415,
                                          519, 520, 521, 522, 523, 524,
                                          544, 545, 546, 547, 548, 549,
                                          550, 551, 552, 553, 554, 555,
                                          556, 557, 558, 559, 560, 561,
                                          562, 563, 564, 565, 566, 567,
                                          568, 569, 570, 571, 572, 573,
                                          574, 575, 576, 577, 578, 579,
                                          580, 581, 582, 583, 584, 585,
                                          586, 587, 588, 589, 590, 591,
                                          592, 593, 594, 595, 596, 597,
                                          598, 599, 600, 601, 602, 603,
                                          604, 605, 606, 607, 736, 738,
                                          761, 762, 763, 764, 765, 766,
                                          767, 768, 769, 770, 771, 772,
                                          773, 774, 775, 776, 777, 778,
                                          779, 780, 781, 782, 783, 784,
                                          785, 786, 787, 788, 789, 790,
                                          791, 792, 793, 794, 795, 796,
                                          797, 798, 799, 800, 801, 802,
                                          803, 804, 805, 806, 807, 808,
                                          809, 810, 811, 812, 813, 814,
                                          815, 816, 817, 818, 819, 820,
                                          821, 822, 823, 824, 825, 826,
                                          827, 828, 829, 830, 831, 950,
                                          951, 952, 953, 954, 955, 956,
                                          957, 958, 959, 960, 961, 962,
                                          963, 964, 965, 966, 967, 968,
                                          969, 970, 971, 972, 973, 974,
                                          975, 976, 977, 978, 979, 980,
                                          981, 982, 983, 984, 985, 986,
                                          987, 988, 989, 990, 991, 992,
                                          993, 994, 995, 996, 997, 998,
                                          999, 1000, 1001, 1002, 1003,
                                          1004, 1005, 1006, 1007, 1008,
                                          1009, 1010, 1011, 1012, 1013,
                                          1014, 1015, 1016, 1017, 1018,
                                          1019, 1020, 1021, 1022, 1023

          Other than what is listed above, all ports are OPEN.

          TruStealth: FAILED - NOT all tested ports were STEALTH,
                            - NO unsolicited packets were received,
                            - NO Ping reply (ICMP Echo) was received.

          Capitalism, currently The World's best Entertainment Control System and YOU cant buy it! But you can buy this, or some of this or some of these

          Asch Conformity, mainly the blind leading the blind.

          1 Reply Last reply Reply Quote 0
          • johnpoz
            johnpoz LAYER 8 Global Moderator last edited by

            Dude I don't know what your scanning but it sure is not pfsense..  I assure you pfsense default rules would be completely stealth… Here is scan of my 2.1 box

            GRC Port Authority Report created on UTC: 2013-11-21 at 22:31:00

            Results from scan of ports: 0-1055

            1 Ports Open
                0 Ports Closed
            1055 Ports Stealth

            1056 Ports Tested

            NO PORTS were found to be CLOSED.

            The port found to be OPEN was: 443

            Other than what is listed above, all ports are STEALTH.

            TruStealth: FAILED - NOT all tested ports were STEALTH,
                              - NO unsolicited packets were received,
                              - A PING REPLY (ICMP Echo) WAS RECEIVED.

            443 is port I have open for openvpn tcp.. So I can get there from where ever, etc.  And yes I allow pings - here are my firewall wan rules - see attached

            Not sure what your scanning - but lets say pfsense firewall was down.. Look at what pfsense is running, its NOT listing on those ports you say are are open..  Look at what your pfsense is listening on

            sockstat -4 -l
            See 2nd pick of mine..  If pfsense is not listening on those ports you show open, how would they be open??  What does your sockstat look like?

            So how would they show open??  You sure you don't have some 1:1 nat setup scanning something inside your network.  Or scanning something in front of pfsense?




            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            2440 2.4.5p1 | 2x 3100 2.4.4p3 | 2x 3100 22.01 | 4860 22.05

            1 Reply Last reply Reply Quote 0
            • N
              Nachtfalke last edited by

              My pfsense only shows the open port 443 TCP for my VPN, too. All other ports are stealth.
              And even if I do not allow ping on my pfsense WAN site the website shows it allows pings. This is probably because I have some other routers/modems in front of pfsense which do the dial-up to my ISP.

              So you should check your upstream routers/modems if the have open ports which could cause that behaviour.

              Further I am not sure if these tests are really good because you open a connection from inside your network to start the test. Probably best test would be to run a NMAP port scan from somewhere else outside your LAN on your WAN IP.

              1 Reply Last reply Reply Quote 0
              • O
                oj88 last edited by

                Just stating a possibility… Does your pfSense box gets assigned an actual public Internet address? Otherwise, it may just be sitting behind another router doing NAT and what you're seeing are actually GRC results acted on that upstream router and not on the pfSense box.

                1 Reply Last reply Reply Quote 0
                • F
                  firewalluser last edited by

                  The router (British Telecom supplied) is in DMZ mode so I wouldnt have expected that to have been been causing a problem, especially not from a global company like BT, but GRC scanning the router instead of pfsense did cross my mind as suggested above.

                  I have a couple more routers here I can try, so will try that. The weird thing I noticed is the pattern of open & stealth ports changes which suggests the router might be getting in the way, because looking in the system log I can see all the packets coming through and being blocked yet GRC was reporting otherwise….

                  Maybe this Router is supposed to have some sort of psuedo smart filtering built into it which we dont know about. Certainly with all the stuff they have built with GCHQ/NSA who knows what "extras" the router comes with.

                  Capitalism, currently The World's best Entertainment Control System and YOU cant buy it! But you can buy this, or some of this or some of these

                  Asch Conformity, mainly the blind leading the blind.

                  1 Reply Last reply Reply Quote 0
                  • johnpoz
                    johnpoz LAYER 8 Global Moderator last edited by

                    Great question - when you look at pfsense status, what is its wan address - is it rfc1918??  Or actual public

                    Does it start with 10.x.x.x, 192.168.x.x, 172.16-31.x.x??

                    You state " in DMZ mode "  That sounds like NAT to me..  So your pfsense is behind a NAT, and your scanning your router in front of it, etc..  What is the IP address of your wan on pfsense?

                    Also look at pfsense via sockstat for your own piece of mind – is anything listening on those ports?  If not then how could it show open?  Those ports are under 1024 -- so they sure are not being used as ports to listen for return traffic from your nat clients behind pfsense, etc.

                    An intelligent man is sometimes forced to be drunk to spend time with his fools
                    If you get confused: Listen to the Music Play
                    Please don't Chat/PM me for help, unless mod related
                    2440 2.4.5p1 | 2x 3100 2.4.4p3 | 2x 3100 22.01 | 4860 22.05

                    1 Reply Last reply Reply Quote 0
                    • stephenw10
                      stephenw10 Netgate Administrator last edited by

                      Which BT router do you have? HomeHub 3? Are you on adsl or fttc?

                      Steve

                      1 Reply Last reply Reply Quote 0
                      • C
                        Chucko last edited by

                        All 1056 ports turned up stealthed in my case. I don't yet have any services enabled through the firewall. The test reported "FAILED" only because I chose to configure pfSense to respond to ICMP Echo (ping).

                        1 Reply Last reply Reply Quote 0
                        • T
                          Texnet last edited by

                          Hi Everyone,

                          I know this post is old but i have just installed pfsense for the first time and I am also getting alot of ports open with the default install.  I have opened just 3 ports port 80 for our web server 443 for OWA and 25 for SMTP but I am also getting alot of other ports open according to GRC firewall test.

                          GRC Port Authority Report created on UTC: 2014-10-20 at 11:02:17

                          Results from scan of ports: 0-1055

                          627 Ports Open
                              0 Ports Closed
                            429 Ports Stealth
                          –-------------------
                          1056 Ports Tested

                          NO PORTS were found to be CLOSED.

                          Ports found to be STEALTH were: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,
                                                          10, 11, 12, 13, 14, 15, 16,
                                                          17, 18, 19, 20, 21, 22, 23,
                                                          24, 26, 27, 28, 29, 30, 31,
                                                          32, 33, 34, 35, 36, 37, 38,
                                                          39, 40, 41, 42, 43, 44, 45,
                                                          46, 47, 48, 49, 50, 51, 52,
                                                          53, 54, 55, 56, 57, 58, 59,
                                                          60, 61, 62, 63, 64, 94, 128,
                                                          129, 130, 131, 132, 133, 134,
                                                          135, 136, 137, 138, 139, 140,
                                                          141, 142, 143, 144, 145, 146,
                                                          147, 148, 149, 150, 151, 152,
                                                          153, 154, 155, 156, 157, 160,
                                                          161, 162, 163, 164, 165, 166,
                                                          167, 168, 169, 170, 171, 172,
                                                          173, 174, 175, 176, 177, 178,
                                                          179, 180, 181, 182, 183, 184,
                                                          185, 186, 187, 188, 189, 190,
                                                          191, 192, 193, 194, 195, 196,
                                                          197, 198, 199, 200, 201, 202,
                                                          203, 204, 205, 206, 207, 208,
                                                          209, 210, 211, 212, 213, 214,
                                                          215, 216, 217, 218, 219, 220,
                                                          221, 222, 223, 320, 321, 322,
                                                          323, 339, 352, 353, 354, 355,
                                                          356, 357, 358, 359, 360, 361,
                                                          362, 363, 364, 365, 366, 367,
                                                          368, 369, 370, 371, 372, 373,
                                                          374, 375, 376, 377, 378, 379,
                                                          380, 381, 382, 383, 384, 385,
                                                          386, 387, 388, 389, 390, 391,
                                                          392, 393, 394, 395, 396, 397,
                                                          398, 399, 400, 401, 402, 403,
                                                          404, 405, 406, 407, 408, 409,
                                                          410, 411, 412, 413, 414, 415,
                                                          558, 559, 560, 561, 562, 563,
                                                          564, 565, 566, 567, 568, 569,
                                                          570, 571, 572, 573, 574, 575,
                                                          576, 577, 578, 579, 580, 581,
                                                          582, 583, 584, 585, 586, 587,
                                                          588, 589, 590, 591, 592, 593,
                                                          594, 595, 596, 597, 598, 599,
                                                          600, 601, 602, 603, 604, 605,
                                                          606, 607, 608, 609, 610, 611,
                                                          612, 613, 614, 615, 616, 617,
                                                          618, 619, 620, 621, 622, 623,
                                                          624, 625, 626, 627, 628, 629,
                                                          630, 631, 632, 633, 634, 635,
                                                          636, 637, 638, 639, 774, 775,
                                                          800, 801, 802, 803, 804, 805,
                                                          806, 807, 808, 809, 810, 811,
                                                          812, 813, 814, 815, 816, 817,
                                                          818, 819, 820, 821, 822, 823,
                                                          824, 825, 826, 827, 828, 829,
                                                          830, 831, 832, 833, 834, 835,
                                                          836, 837, 838, 839, 840, 841,
                                                          842, 843, 844, 845, 846, 847,
                                                          848, 849, 850, 851, 852, 853,
                                                          854, 855, 856, 857, 858, 859,
                                                          860, 861, 862, 863, 992, 993,
                                                          994, 995, 996, 997, 998, 999,
                                                          1000, 1001, 1002, 1003, 1004,
                                                          1005, 1006, 1007, 1008, 1009,
                                                          1010, 1011, 1012, 1024, 1025,
                                                          1026, 1027, 1028, 1029, 1030,
                                                          1031, 1032, 1033, 1034, 1035,
                                                          1036, 1037, 1038, 1039, 1040,
                                                          1041, 1042, 1043, 1044, 1045,
                                                          1046, 1047, 1048, 1049, 1050,
                                                          1051, 1052, 1053, 1054, 1055

                          Other than what is listed above, all ports are OPEN.

                          TruStealth: FAILED - NOT all tested ports were STEALTH,
                                            - NO unsolicited packets were received,
                                            - NO Ping reply (ICMP Echo) was received.

                          I am using a public IP address on pfsense so shouldn't be seeing the router and the router in also not in DMZ mode.  Anyone have any ideas?

                          Thanks

                          1 Reply Last reply Reply Quote 0
                          • johnpoz
                            johnpoz LAYER 8 Global Moderator last edited by

                            Here is the thing.. Are you forwarding to something?  How is that pfsense would be listening on all those ports "OPEN"

                            Lets think about it for 2 seconds..  For a port to show open something had to reply..  Do you think pfsense replied because it has a service running on say 1042?  What would that service be??  Do a netstat on pfsense to see what is listening..  Did you create any forwards to another that could be listening on those ports?

                            Why don't you do a sniff on your wan when you run this scan..  Diag, packet capture - do you see inbound to those odd ball ports.  You see a syn ack back?  What is in your state table for those ports?

                            An intelligent man is sometimes forced to be drunk to spend time with his fools
                            If you get confused: Listen to the Music Play
                            Please don't Chat/PM me for help, unless mod related
                            2440 2.4.5p1 | 2x 3100 2.4.4p3 | 2x 3100 22.01 | 4860 22.05

                            1 Reply Last reply Reply Quote 0
                            • M
                              mikeisfly last edited by

                              Also do you have uPNP enabled? If so that could be a source of your trouble. Check to see which devices are using uPNP and which ports do that have opened.

                              1 Reply Last reply Reply Quote 0
                              • K
                                kejianshi last edited by

                                My thoughts exactly.  uPNP may be forwarding  (opening) ports you have not thought about.

                                1 Reply Last reply Reply Quote 0
                                • johnpoz
                                  johnpoz LAYER 8 Global Moderator last edited by

                                  Concur its quite possible UPnP could open up stuff - clearly this is what is wrong with UPnP in the first place - what would be requesting those privileged ports??

                                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                                  If you get confused: Listen to the Music Play
                                  Please don't Chat/PM me for help, unless mod related
                                  2440 2.4.5p1 | 2x 3100 2.4.4p3 | 2x 3100 22.01 | 4860 22.05

                                  1 Reply Last reply Reply Quote 0
                                  • stephenw10
                                    stephenw10 Netgate Administrator last edited by

                                    @johnpoz:

                                    what would be requesting those privileged ports??

                                    A virus? I can't think what else could possibly need 627 ports.
                                    UPnP isn't enabled by default though, at least you have to be vaguely aware of the consequences before enabling it. UPnP seems to cover a lot these days though. Although pfSense only implements the port forwarding parts of it I get the impression a lot of people enable it thinking it will help them with DLNA device discovery. It won't.

                                    Steve

                                    1 Reply Last reply Reply Quote 0
                                    • johnpoz
                                      johnpoz LAYER 8 Global Moderator last edited by

                                      Even a virus would not need 627 ports ;)  While not saying its not UPnP, I would look to something a bit more general in nature like device in front of pfsense.. ISP doing something?  Just plain something broke in GRC?.  Have you tried another scanner? Seem unlikely even that a virus would open 627 ports if you ask me..

                                      A 10 second sniff on your wan port would tell you if this traffic is even getting to pfsense and if pfsense or something behind it is answering, etc.

                                      An intelligent man is sometimes forced to be drunk to spend time with his fools
                                      If you get confused: Listen to the Music Play
                                      Please don't Chat/PM me for help, unless mod related
                                      2440 2.4.5p1 | 2x 3100 2.4.4p3 | 2x 3100 22.01 | 4860 22.05

                                      1 Reply Last reply Reply Quote 0
                                      • H
                                        Harvy66 last edited by

                                        I've had odd  results with the GRC scan. I'm not sure where some of the "closed" responses are coming from, but when I look at my PFSense logs, the ports that show "stealth" on GRC, show a logged event in PFSense, but the ports that show "closed" in GRC, do not show in my PFSense logs. Something else up-stream is responding. The only ports I get as "closed" are related to SMB. I assume my ISP is blocking remote SMB on their firewall.

                                        1 Reply Last reply Reply Quote 0
                                        • KOM
                                          KOM last edited by

                                          0-1055 all stealth here.

                                          1 Reply Last reply Reply Quote 0
                                          • stephenw10
                                            stephenw10 Netgate Administrator last edited by

                                            @johnpoz:

                                            Even a virus would not need 627 ports ;)

                                            Yeah, not exactly stealth. Worst. Virus. Ever.  ::)

                                            Seems more likely to be not actually scanning pfSense for whatever reason. CG-NAT perhaps?

                                            Steve

                                            1 Reply Last reply Reply Quote 0
                                            • K
                                              kejianshi last edited by

                                              I actually believe those results could be true.

                                              Post an IP.  I can scan it from here.  I'm sure a few of us could confirm if the results are good or not.

                                              1 Reply Last reply Reply Quote 0
                                              • H
                                                Harvy66 last edited by

                                                @kejianshi:

                                                My thoughts exactly.  uPNP may be forwarding  (opening) ports you have not thought about.

                                                This is why I put int an explicit block on ports 1-1023. I don't want any pesky uPNP trying to do strange things.

                                                The biggest issue isn't uPNP, it's that I need to use NAT in the first place. Many games need to listen on ports, but because you can't have multiple clients all using the same ports, you can't know which ports will be used ahead of time. If port opening needs to be dynamically controlled by the client, how else does one handle this?

                                                My main concern isn't what my clients are trying to do, it's what the public Internet is trying to do to my clients. As long as standard service ports are not opened, I'm content. Home install, I'm not a network admin.

                                                1 Reply Last reply Reply Quote 0
                                                • johnpoz
                                                  johnpoz LAYER 8 Global Moderator last edited by

                                                  No the issue is how UPnP is implemented without any security/auth that allows something to be opened, and ease of control of what that device can open, etc.  Most home routers give you no control at all.

                                                  Not sure what your blocking - but inbound from the wan has all ports block out of the gate.  Where are you creating this 1-1023 block?

                                                  While its true many ports need to listen on port - they sure shouldn't be < than 1023..  Where in the list of ports are there any games that have these ports registered?

                                                  http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.txt

                                                  I don't see any games?  No game that I could think of should be listening on a PRIVILEGED port that is for sure..

                                                  There is a SHIT load of ports to be used - how many games are you running that it should ever overlap, and people that design a game that is played over the internet and don't take into account the ability to control which ports are used are just not thinking if you ask me!!

                                                  I have never ran into such a game.  All the issues go away soon with NAT you can hope as IPv6 is here - With lots of IPs to play with that removes the need of nat completely.  These games still do not need to listen on ports < 1023..  So from his listing 416 to 557 are OPEN..  Why would something open such a big range privileged..  If we look up those ports.

                                                  example
                                                  nnsp                433        tcp    NNSP

                                                  This is port used for bulk transfers of NNTP between servers..  Why would some GAME use that port?  And since its under 1023 should require elveated permissions to even listen on that port, etc.

                                                  If I ran across a scan showing such results - the first thing I would do is run the scan again while sniffing on wan and validate for starters that scan is actually hitting my IP and that responses are leaving my interface because its so out there it is highly unlikely there is anything actually listening on all those ports to have it show "OPEN"

                                                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                                                  If you get confused: Listen to the Music Play
                                                  Please don't Chat/PM me for help, unless mod related
                                                  2440 2.4.5p1 | 2x 3100 2.4.4p3 | 2x 3100 22.01 | 4860 22.05

                                                  1 Reply Last reply Reply Quote 0
                                                  • K
                                                    kejianshi last edited by

                                                    When you put in your block rules, are you rejecting with some message or dropping packets silently?

                                                    1 Reply Last reply Reply Quote 0
                                                    • H
                                                      Harvy66 last edited by

                                                      @kejianshi:

                                                      When you put in your block rules, are you rejecting with some message or dropping packets silently?

                                                      Always drop, not reject.

                                                      1 Reply Last reply Reply Quote 0
                                                      • K
                                                        kejianshi last edited by

                                                        Yep - Thats why I'm asking.

                                                        1 Reply Last reply Reply Quote 0
                                                        • S
                                                          Supermule Banned last edited by

                                                          80.197.155.13

                                                          @kejianshi:

                                                          I actually believe those results could be true.

                                                          Post an IP.  I can scan it from here.  I'm sure a few of us could confirm if the results are good or not.

                                                          1 Reply Last reply Reply Quote 0
                                                          • H
                                                            Harvy66 last edited by

                                                            @johnpoz:

                                                            No the issue is how UPnP is implemented without any security/auth that allows something to be opened, and ease of control of what that device can open, etc.  Most home routers give you no control at all.

                                                            Not sure what your blocking - but inbound from the wan has all ports block out of the gate.  Where are you creating this 1-1023 block?

                                                            While its true many ports need to listen on port - they sure shouldn't be < than 1023..  Where in the list of ports are there any games that have these ports registered?

                                                            http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.txt

                                                            I don't see any games?  No game that I could think of should be listening on a PRIVILEGED port that is for sure..

                                                            There is a SHIT load of ports to be used - how many games are you running that it should ever overlap, and people that design a game that is played over the internet and don't take into account the ability to control which ports are used are just not thinking if you ask me!!

                                                            I have never ran into such a game.  All the issues go away soon with NAT you can hope as IPv6 is here - With lots of IPs to play with that removes the need of nat completely.  These games still do not need to listen on ports < 1023..  So from his listing 416 to 557 are OPEN..  Why would something open such a big range privileged..  If we look up those ports.

                                                            example
                                                            nnsp                433        tcp    NNSP

                                                            This is port used for bulk transfers of NNTP between servers..  Why would some GAME use that port?  And since its under 1023 should require elveated permissions to even listen on that port, etc.

                                                            If I ran across a scan showing such results - the first thing I would do is run the scan again while sniffing on wan and validate for starters that scan is actually hitting my IP and that responses are leaving my interface because its so out there it is highly unlikely there is anything actually listening on all those ports to have it show "OPEN"

                                                            "Where are you creating this 1-1023 block?"
                                                            On the WAN interface. I assume the firewall rules take precedence over the uPNP, but I could be wrong. If I am wrong, then uPNP could effectively bypass the firewall in an uncontrollable way.

                                                            "I don't see any games?"
                                                            I never said any games use those ports. Me blocking service ports only has to do with being paranoid about uPNP, assuming the block actually works against uPNP.

                                                            "There is a SHIT load of ports to be used - how many games are you running that it should ever overlap"
                                                            Running the same game on two different computers will run you into trouble if the game requires a specific port to be forwarded. How can you forward the same port to two different computers, especially if the same two computers are trying to communicate with the same servers? You can't. Many of these games require uPNP in order to use non-standard ports. Not to mention micromanaging port forwarding and messing with game configurations when you friends come over is a huge headache. Assuming the games even give you the option to manually change your ports. Most dynamically choose a port at run time, and if that port isn't being forwarded, you can't play.

                                                            1 Reply Last reply Reply Quote 0
                                                            • K
                                                              kejianshi last edited by

                                                              Supermule - Running a scan - Although, seems more likely thats your server…

                                                              Its abit slow.  Taking its time.

                                                              1 Reply Last reply Reply Quote 0
                                                              • S
                                                                Supermule Banned last edited by

                                                                :D Its my homenetwork guarded by pfSense and some other gimmicks :D

                                                                1 Reply Last reply Reply Quote 0
                                                                • S
                                                                  Supermule Banned last edited by

                                                                  Is 77.66.122.109 your IP?

                                                                  @kejianshi:

                                                                  Supermule - Running a scan - Although, seems more likely thats your server…

                                                                  Its abit slow.  Taking its time.

                                                                  1 Reply Last reply Reply Quote 0
                                                                  • K
                                                                    kejianshi last edited by

                                                                    Yeah - I'm into your porn now…  (kidding)
                                                                    Still running.  I'll post the results, although I'm sure the results will be next to nothing.

                                                                    1 Reply Last reply Reply Quote 0
                                                                    • S
                                                                      Supermule Banned last edited by

                                                                      Are you located in Copenhagen or just hooking up on some VPN??

                                                                      IP address: 77.66.122.109
                                                                      Reverse DNS: No Reverse DNS found
                                                                      Reverse DNS Authenticity: Unknown
                                                                      ISP: Netgroup A/s
                                                                      Country: Denmark Denmark
                                                                      CountryCode: DK
                                                                      Region: Hovedstaden
                                                                      City: Copenhagen
                                                                      Private IP: No

                                                                      1 Reply Last reply Reply Quote 0
                                                                      • K
                                                                        kejianshi last edited by

                                                                        I'm in Manilla…
                                                                        That VM is running on a machine is in a rack in Copenhagen. 
                                                                        I did use a VPN to access the desktop and kick off the scan, but I'm not in the desktop right now.
                                                                        Looks like it will take about another 20 minutes.  Abit like watching paint dry.
                                                                        I'll check it again in 20.

                                                                        1 Reply Last reply Reply Quote 0
                                                                        • K
                                                                          kejianshi last edited by

                                                                          All scanned port filtered.  Also doesn't respond to ping.

                                                                          In other words, less than nothing.

                                                                          I only scanned 2000 ports.

                                                                          1 Reply Last reply Reply Quote 0
                                                                          • S
                                                                            Supermule Banned last edited by

                                                                            Thanks dude. :)

                                                                            1 Reply Last reply Reply Quote 0
                                                                            • Derelict
                                                                              Derelict LAYER 8 Netgate last edited by

                                                                              2.1.5 Cox Las Vegas.

                                                                              
                                                                              –--------------------------------------------------------------------
                                                                              
                                                                              GRC Port Authority Report created on UTC: 2014-10-20 at 18:41:47
                                                                              
                                                                              Results from scan of ports: 0-1055
                                                                              
                                                                                  0 Ports Open
                                                                                  0 Ports Closed
                                                                               1056 Ports Stealth
                                                                              ---------------------
                                                                               1056 Ports Tested
                                                                              
                                                                              ALL PORTS tested were found to be: STEALTH.
                                                                              
                                                                              TruStealth: FAILED - ALL tested ports were STEALTH,
                                                                                                 - NO unsolicited packets were received,
                                                                                                 - A PING REPLY (ICMP Echo) WAS RECEIVED.
                                                                              
                                                                              ----------------------------------------------------------------------
                                                                              
                                                                              

                                                                              Chattanooga, Tennessee, USA
                                                                              The pfSense Book is free of charge!
                                                                              DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
                                                                              Do Not Chat For Help! NO_WAN_EGRESS(TM)

                                                                              1 Reply Last reply Reply Quote 0
                                                                              • johnpoz
                                                                                johnpoz LAYER 8 Global Moderator last edited by

                                                                                "Most dynamically choose a port at run time, and if that port isn't being forwarded, you can't play."

                                                                                What game is this - that is moronic way to do it..

                                                                                "How can you forward the same port to two different computers,"

                                                                                I never said you could, that is why game on computer A uses port X, game on computer B uses port Y, etc.  You seem to completely miss the point, as to your block on WAN??  There is already a BLOCK for ANY, unless you allow it its block.. Putting in another block is pointless!!  And yes UPnP would create an allow rule – which is the issue with it in the first place!

                                                                                An intelligent man is sometimes forced to be drunk to spend time with his fools
                                                                                If you get confused: Listen to the Music Play
                                                                                Please don't Chat/PM me for help, unless mod related
                                                                                2440 2.4.5p1 | 2x 3100 2.4.4p3 | 2x 3100 22.01 | 4860 22.05

                                                                                1 Reply Last reply Reply Quote 0
                                                                                • stephenw10
                                                                                  stephenw10 Netgate Administrator last edited by

                                                                                  Hmm, this is unclear to me. Adding a block rule is not the same as there being no allow rule.
                                                                                  Where, logically, in the chain of rules does the upnp added rule appear?

                                                                                  Steve

                                                                                  1 Reply Last reply Reply Quote 0
                                                                                  • T
                                                                                    Texnet last edited by

                                                                                    Hi All,

                                                                                    Thanks for your replies.  I have checked the rules i have in place and these are just TCP only not UDP.  There are no rules set for the ports that state open the GRC test states there is 640 Ports Open i know i do not have rules for these.  I have disabled UDP on the BT business hub as an extra measure and run the test again but this made no difference.  I have attached our current rules applied.  I am wondering if it is in fact the BT business hub that is responding not the firewall as if i turn on the firewall on the business hub we get true stealth?

                                                                                    Thanks

                                                                                    ![firewall rules.png](/public/imported_attachments/1/firewall rules.png)
                                                                                    ![firewall rules.png_thumb](/public/imported_attachments/1/firewall rules.png_thumb)

                                                                                    1 Reply Last reply Reply Quote 0
                                                                                    • First post
                                                                                      Last post