+Warwagon MVC Posted January 11, 2014 MVC Share Posted January 11, 2014 Click here to see if your router is listening on port Click the link below then click the "Probe THIS port button" http://GRC.com/portprobe=32764 https://www.neowin.net/news/some-routers-found-to-be-listening-on-undocumented-port A few days ago, a known hacker named Eloi Vanderbeken posted up a note on GitHub. He wrote about his discovery that his Linksys WAG200G wireless DSL gateway was listening on the undocumented TCP port 32764. He later found that the port was open on a number of other routers from Linksys, Netgear, Cisco and others. While some of these products have the port open just on their local network, several of them are exposed when connected to the Internet. So why do so many of these routers have this previously unknown port? It's not currently known, but the GHacks.net website offers up several ways to find out if a home or work router has this undocumented port active. If the port is found, the site has a number of recommendations to close this vulnerability. They include adding a rule to the router's firewall to block the 32764 port or downloading an open source firmware for the hardware . Of course, the easiest thing to do is simply replace the router with one that is not listening in on the port. neufuse 1 Share Link to comment Share on other sites More sharing options...
McKay Posted January 11, 2014 Share Posted January 11, 2014 Status: closed I take it thats a "no"? Link to comment Share on other sites More sharing options...
firey Posted January 11, 2014 Share Posted January 11, 2014 Mine says status: stealth. Link to comment Share on other sites More sharing options...
Kriz Posted January 11, 2014 Share Posted January 11, 2014 Stealth :shiftyninja: Jose_49 1 Share Link to comment Share on other sites More sharing options...
He's Dead Jim Posted January 11, 2014 Share Posted January 11, 2014 . Stealth Link to comment Share on other sites More sharing options...
trek Posted January 11, 2014 Share Posted January 11, 2014 Stealth. Cisco ASA 5510. TPreston 1 Share Link to comment Share on other sites More sharing options...
snaphat (Myles Landwehr) Member Posted January 11, 2014 Member Share Posted January 11, 2014 This doesn't reliability tell you if you have a backdoor in general though. The design could be such that some routers report stealth unless a magic packet is sent to the specific port... that'd be certainly the way I'd implement it myself if I were hiding a backdoor. Squirrelington, Phouchg, +theblazingangel and 3 others 6 Share Link to comment Share on other sites More sharing options...
The_Observer Posted January 11, 2014 Share Posted January 11, 2014 Stealth for me. Link to comment Share on other sites More sharing options...
Nick H. Supervisor Posted January 11, 2014 Supervisor Share Posted January 11, 2014 Stealth? Forgive my ignorance, but is that a good thing? The status of the router at my mum's place is closed. I'll check on my router tomorrow when I get back. Link to comment Share on other sites More sharing options...
Unksi Posted January 11, 2014 Share Posted January 11, 2014 Stealth? Forgive my ignorance, but is that a good thing? The status of the router at my mum's place is closed. I'll check on my router tomorrow when I get back. In this case, I'd say stealth (drops the packet without any response) is the best, closed is good as well (it gives back an response, though the port is still closed). Nick H. 1 Share Link to comment Share on other sites More sharing options...
KingCracker Posted January 11, 2014 Share Posted January 11, 2014 Stealth for me too. Link to comment Share on other sites More sharing options...
+Warwagon MVC Posted January 11, 2014 Author MVC Share Posted January 11, 2014 Stealth? Forgive my ignorance, but is that a good thing? The status of the router at my mum's place is closed. I'll check on my router tomorrow when I get back. Stealth A "Stealth" port is one that completely ignores and simply "drops" any incoming packets without telling the sender whether the port is "Open" or "Closed" for business. When all of your system's ports are stealth (and assuming that your personal firewall security system doesn't make the mistake of "counter-probing" the prober), your system will be completely opaque and invisible to the random scans which continually sweep through the Internet. Even if this machine had previously been scanned and logged by a would-be intruder, a methodical return to this IP address will lead any attacker to believe that your machine is turned off, disconnected, or no longer exists. You couldn't ask for anything better. Your personal firewall or NAT router protected system is acting like a black hole for TCP/IP packets. That's very cool. If your system did NOT show up as Stealth, but you would like it to, you will need to use one of the many free or inexpensive personal firewalls that are now widely available. Of the many firewalls on that list, we recommend (in alphabetical order) firewalls from Agnitum, Kerio, Norton, Sygate, Tiny, and ZoneLabs. I describe the operation of personal firewalls on this page. Closed "Closed" is the best you can hope for without a stealth firewall or NAT router in place. At least the port is not "Open" for business and accepting connections from the probes which are continually sweeping the Internet searching for exploitable systems. Anyone scanning past your IP address will detect your PC, but "closed" ports will quickly refuse connection attempts. Since it's much faster for a scanner to re-scan a machine that's known to exist, the presence of your machine might be logged for further scrutiny at a later time ? for example, when a new operating system vulnerability is discovered and before the potential for exploitation has been repaired. For this reason it is important for you to stay current with updates from your operating system vendor since new potential vulnerabilities are discovered frequently. AS NOTED ABOVE: If your system did NOT show up as Stealth, but you would like it to, you will need to use one of the many free or inexpensive personal firewalls that are now widely available. Of the many firewalls on that list, we recommend (in alphabetical order) firewalls from Agnitum, Kerio, Norton, Sygate, Tiny, and ZoneLabs. I describe the operation of personal firewalls on this page. Charisma, Nick H. and neufuse 3 Share Link to comment Share on other sites More sharing options...
Nick H. Supervisor Posted January 11, 2014 Supervisor Share Posted January 11, 2014 <Explanation> <Detailed explanation>Ahh right. Networking isn't my forte so I was confused for a moment. Cheers guys. (Y) Link to comment Share on other sites More sharing options...
Buttus Posted January 11, 2014 Share Posted January 11, 2014 now, i'm not up on all of this, but would this report about the setting of the firewall on my computer? or the router itself? Link to comment Share on other sites More sharing options...
+Warwagon MVC Posted January 11, 2014 Author MVC Share Posted January 11, 2014 now, i'm not up on all of this, but would this report about the setting of the firewall on my computer? or the router itself? If you are behind a router, then router If you are connected directly to the internet with an internet IP instead of a none routable on then it's testing your computers firewall. neufuse 1 Share Link to comment Share on other sites More sharing options...
LittleNeutrino Veteran Posted January 11, 2014 Veteran Share Posted January 11, 2014 Mine is set to stealth as well. Link to comment Share on other sites More sharing options...
LambdaLambdaLambdaFn Posted January 11, 2014 Share Posted January 11, 2014 Stealth. Linksys WRTP54G Link to comment Share on other sites More sharing options...
riahc3 Posted January 11, 2014 Share Posted January 11, 2014 Hello, This doesn't reliability tell you if you have a backdoor in general though. The design could be such that some routers report stealth unless a magic packet is sent to the specific port... that'd be certainly the way I'd implement it myself if I were hiding a backdoor.There is no backdoor. Link to comment Share on other sites More sharing options...
+devHead Subscriber² Posted January 11, 2014 Subscriber² Share Posted January 11, 2014 Status: STEALTH Link to comment Share on other sites More sharing options...
+Warwagon MVC Posted January 11, 2014 Author MVC Share Posted January 11, 2014 Status: STEALTH Yep then there is that bug where the text gets cut off. snaphat (Myles Landwehr) 1 Share Link to comment Share on other sites More sharing options...
JJ_ Posted January 11, 2014 Share Posted January 11, 2014 My router is a Belkin running Tomato USB. GRC reports the port as stealth. Link to comment Share on other sites More sharing options...
snaphat (Myles Landwehr) Member Posted January 11, 2014 Member Share Posted January 11, 2014 Hello, There is no backdoor. I'm not sure you what you are talking about. Was it discovered that there is legitimate reason for that particular port to be open? I was under the impression that there was a specific exploitable vulnerability. Link to comment Share on other sites More sharing options...
Boo Berry Posted January 11, 2014 Share Posted January 11, 2014 Stealth. Link to comment Share on other sites More sharing options...
PGHammer Posted January 11, 2014 Share Posted January 11, 2014 Status: CLOSED (Netgear WNDR3700v4 with latest factory firmware) Link to comment Share on other sites More sharing options...
+virtorio MVC Posted January 12, 2014 MVC Share Posted January 12, 2014 Stealth on a TP-Link TD-W8968 Link to comment Share on other sites More sharing options...
Recommended Posts