Was your router listening on port 32764?   141 votes

    • Yes: 1
    • No I was stealth or closed: 140

Question

Posted

Click here to see if your router is listening on port

 

Click the link below then click the "Probe THIS port button"

http://GRC.com/portprobe=32764

 

http://www.neowin.net/news/some-routers-found-to-be-listening-on-undocumented-port

 

A few days ago, a known hacker named Eloi Vanderbeken posted up a note on GitHub. He wrote about his discovery that his Linksys WAG200G wireless DSL gateway was listening on the undocumented TCP port 32764. He later found that the port was open on a number of other routers from Linksys, Netgear, Cisco and others. While some of these products have the port open just on their local network, several of them are exposed when connected to the Internet.

 

So why do so many of these routers have this previously unknown port? It's not currently known, but the GHacks.net website offers up several ways to find out if a home or work router has this undocumented port active.

If the port is found, the site has a number of recommendations to close this vulnerability. They include adding a rule to the router's firewall to block the 32764 port or downloading an open source firmware for the hardware. Of course, the easiest thing to do is simply replace the router with one that is not listening in on the port.

 

 

1 person likes this
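
A local version of the check the poll asks for, as an added example that is not part of the original post: it makes one TCP connect attempt to port 32764 on addresses you own and reports the same states the poll uses. The function names and the default address 192.168.1.1 are assumptions made for this example.

```python
import socket
import sys

BACKDOOR_PORT = 32764  # the undocumented TCP port discussed in this thread


def classify_tcp_port(host, port=BACKDOOR_PORT, timeout=3.0):
    """Classify one TCP connect attempt the way the poll does.

    open    - handshake completed, something is listening
    closed  - the host answered with a reset (connection refused)
    stealth - no answer before the timeout (packet silently dropped)
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "stealth"
    except OSError as exc:
        # e.g. "no route to host": the probe never reached the device
        return "error: " + (exc.strerror or str(exc))
    finally:
        sock.close()


def audit_hosts(hosts, port=BACKDOOR_PORT, timeout=3.0):
    """Probe each of your own addresses and return {host: state}."""
    return {host: classify_tcp_port(host, port, timeout) for host in hosts}


if __name__ == "__main__":
    # Assumed default: 192.168.1.1 as the router's LAN address; pass your own.
    targets = sys.argv[1:] or ["192.168.1.1"]
    for host, state in audit_hosts(targets).items():
        print(f"{host}:{BACKDOOR_PORT} -> {state}")
        if state == "open":
            print("  listening: block the port, reflash, or replace the router")
```

Run from inside the LAN, this tests the router's LAN side only; the GRC probe linked above tests the WAN side from the Internet, which is the exposure the article describes for some models.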


90 answers to this question

  • 0

Posted

Hello,

Why? It's not exactly the first time there is a reported backdoor method to access networking devices. If it were a hoax then it would be found out given that people testing the platforms would not find it. Or are you suggesting that all of the various sources are a collective and elaborate orchestrated hoax? Going down the road of having to independently verify everything you read is absurd and impossible.

Why not? Just because once upon two decades ago there was a backdoor* doesn't mean every time someone says there is a backdoor on the internet, it's true...

We have seen collective and elaborated orchestrated hoaxes as well. Why isn't this one another one too?
 

Huh? It's been proven multiple times over by different people and there's exploit code floating around, it's been definitively proven.

Did you yourself test out this exploit code?


My point behind all of this is that some backdoors are extremely exaggerated....I believe most current ones are.

I've replied everything I've needed to in this thread without further derailing it. If someone wishes to prove to me about these backdoors, they are more than welcome to :) And no, 1000s of links on a detailed and technical explanation are not proof, they are theories.


* - I also want to point out that there is a difference between a backdoor and a bug. While it may seem intentional, some backdoors might actually be bugs that, for various reasons, may never be patched and left alone

  • 0

Posted

Hello,
Why not? Just because once upon two decades ago there was a backdoor* doesn't mean every time someone says there is a backdoor on the internet, it's true...

We have seen collective and elaborated orchestrated hoaxes as well. Why isn't this one another one too?

 

No... as in the last one was three months ago. It isn't uncommon and it is probably not intentional in most cases. If there are various sources of evidence and detailed information on how to use the backdoor, it is unlikely to be made up. There is no reason to believe otherwise in the face of reasonable evidence.

 
It's unlikely to be a hoax because it is both falsifiable and verifiable. Hoaxes are neither of those things or they are disproven. Again, I really don't understand the logic here. If you were to ignore evidence and make the requirement that you must independently verify everything you wouldn't be able to determine whether anything you read is ever real.
 
 

I've replied everything I've needed to in this thread without further derailing it. If someone wishes to prove to me about these backdoors, they are more than welcome to :) And no, 1000s of links on a detailed and technical explanation are not proof, they are theories.

Explanations on how to exploit a backdoor and detailed discussion are evidence. Thousands of reliable sources would be a whole lot of evidence. You are just pushing the goalpost to absurdity. No-one can test here because we aren't running exploitable routers as you well know. As such, it is unreasonable to ask us to do so.

1 person likes this

  • 0

Posted

...
Explanations on how to exploit a backdoor and detailed discussion are evidence. Thousands of reliable sources would be a whole lot of evidence. You are just pushing the goalpost to absurdity. No-one can test here because we aren't running exploitable routers as you well know. As such, it is unreasonable to ask us to do so.


And of course trying it on a random router over the internet is illegal, and I'm guessing most people aren't willing to hack into a computer network to prove a point on a forum.
1 person likes this

  • 0

Posted

Of course my router is stealth! ;)

  • 0

Posted

To be fair, a perfectly working router with UPnP/NAT-PMP/PCP can be told to open ports in the firewall without needing a backdoor.

A fair point, but the client inside the LAN still has to establish the UPnP session for the router to open the port to that device. Without that, anything external is blind of anything internal.

Regarding this open port, I doubt it's anything to worry about. People hear phrases like 'open ports' and panic. It's just one step to doing something malicious.

 

Even though NAT wasn't designed to be a security measure, it's a really good one.

  • 0

Posted

port is stealthed here (y)

  • 0

Posted

A fair point, but the client inside the LAN still has to establish the UPnP session for the router to open the port to that device. Without that, anything external is blind of anything internal.
Regarding this open port, I doubt it's anything to worry about. People hear phrases like 'open ports' and panic. It's just one step to doing something malicious.
 
Even though NAT wasn't designed to be a security measure, it's a really good one.


Ehh, I've never really felt it was a security measure at all, that's a job for the firewall (Even though it's designed to break end to end connectivity, it's actually fairly easy to punch a hole through a NAT, most software does it automatically these days, the Xbox One punches holes in it for P2P, etc. Even without stuff like UPnP)

  • 0

Posted

Stealth

  • 0

Posted

Stealth - Netgear R7000

  • 0

Posted

Hello,
There is no backdoor.

Everyone has a backdoor.  In fact, everyone uses it, daily.

  • 0

Posted

It's also why I use whitelisting (any unknown MAC ID gets voted off the network).

MAC filtering is pretty easy to bypass.

 

I was able to get onto a network using MAC filtering by merely spoofing my MAC address.

  • 0

Posted

MAC filtering is pretty easy to bypass.

I was able to get onto a network using MAC filtering by merely spoofing my MAC address.


You mean you would first have to get one of the allowed MAC addresses.

  • 0

Posted

Seems like a good way to really hide a backdoor would be having a rule that only IP range X thru X could even access the backdoor. Then it could not even be discovered by anyone else or at least really limited.

  • 0

Posted

Stealth.  Netgear.... black one.

  • 0

Posted

You mean you would first have to get one of the allowed MAC addresses.


Which is easy, if you can break the security you can sniff a packet.
1 person likes this

  • 0

Posted

:shiftyninja: >>Stealth<< :shiftyninja: 

  • 0

Posted

Closed

  • 0

Posted

Closed. So far 103 are closed.

  • 0

Posted

You mean you would first have to get one of the allowed MAC addresses.

Attached to every data packet leaving that network, right?

 

I am not a security expert, but from what I have experienced, MAC filtering hasn't hindered nor helped security on a network other than to stop those who wouldn't have the know-how to crack the initial security anyway.  If there was a backdoor on routers, getting a whitelisted MAC I imagine is pretty straightforward.

 

I could be wrong and welcome someone more knowledgeable than me to set me straight in the matter.

  • 0

Posted

If the backdoor was publicly accessible, you could simply connect to the router and copy a MAC address, or modify one to add your box to the allowed list.

MAC filtering is a leftover of the WEP days where somebody could break into your network in a couple of minutes (So every bit of "security" was helpful), now with WPA2-PSK with AES that isn't going to happen, it's easier to physically break in and plug into a switch (Which is the point really, it requires the attacker to have physical access to break in, which should be much harder to overcome)

If somebody can break your AES secured wifi network, then you can be sure as hell that a MAC filter won't hinder them in the slightest.
1 person likes this

  • 0

Posted

Ehh, I've never really felt it was a security measure at all, that's a job for the firewall (Even though it's designed to break end to end connectivity, it's actually fairly easy to punch a hole through a NAT, most software does it automatically these days, the Xbox One punches holes in it for P2P, etc. Even without stuff like UPnP)

Not really, everything is blind to anything internal when the gateway is behind a NAT, for a simple reason: every router will drop every incoming packet if it has no entry in the translation table. The only way to 'poke' a hole through NAT is by a client sending a message out on that port; after that, any incoming traffic which comes in on that port will be sent to that client.

The 360 and X1 used to sometimes get round this by using a flavour of UPnP, but it uses the same ideology: the client sends a packet, and then the server initiates the stream. UPnP is a standard for how clients establish an entry in the translation table and prompt the device to transmit, but it has to be initiated by the client.

So if you wanted to open a port to a client on a LAN behind a NAT for malicious purposes, you have to install some malware on the device you want and time it to be able to send packets at specific times. Keeping in mind that a router will usually drop an entry in the NAT table after only a couple of seconds of inactivity from that client.
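
The translation-table behaviour described in the post above, as an added toy model that is not part of the original post: inbound traffic is dropped unless an outbound packet created an entry, and the entry expires after client inactivity. The class, the port numbering and the 30-second timeout are assumptions for illustration; real routers differ and may also filter by remote address.

```python
class NatTable:
    """Toy NAT table: public port -> (client ip, client port, last outbound time)."""

    def __init__(self, idle_timeout, first_port=40000):
        self.idle_timeout = idle_timeout  # seconds of client silence tolerated
        self.next_port = first_port       # next public port to hand out
        self.entries = {}

    def _expire(self, now):
        # Drop every entry whose client has been silent for too long.
        stale = [p for p, (_, _, seen) in self.entries.items()
                 if now - seen > self.idle_timeout]
        for p in stale:
            del self.entries[p]

    def outbound(self, client_ip, client_port, now):
        """A LAN client sends a packet out: create or refresh its entry."""
        self._expire(now)
        for pub, (ip, port, _) in self.entries.items():
            if (ip, port) == (client_ip, client_port):
                self.entries[pub] = (ip, port, now)
                return pub
        pub = self.next_port
        self.next_port += 1
        self.entries[pub] = (client_ip, client_port, now)
        return pub

    def inbound(self, public_port, now):
        """A packet arrives from outside: forward target, or None if dropped."""
        self._expire(now)
        entry = self.entries.get(public_port)
        return None if entry is None else entry[:2]


def demo():
    nat = NatTable(idle_timeout=30)  # assumed sample timeout
    results = [nat.inbound(32764, now=0)]             # unsolicited: dropped
    pub = nat.outbound("192.168.1.20", 5000, now=1)   # client opens the hole
    results.append(nat.inbound(pub, now=10))          # forwarded to the client
    results.append(nat.inbound(pub, now=40))          # entry expired: dropped
    return results
```

The table only decides what is forwarded to LAN clients. A service listening on the router's own address, which is what the port 32764 probe in this thread tests, is not covered by it.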

  • 0

Posted

32764
Stealth Unknown Protocol for this port
Unknown Application for this port

  • 0

Posted

Stealth AC66U

  • 0

Posted

Buffalo AirStation

  • 0

Posted

So is this FUD?  So far over 100 closed ports.
