
Click here to see if your router is listening on port 32764


90 replies to this topic

Poll: Was your router listening on port 32764?


#16 Geoffrey B.


Posted 11 January 2014 - 22:10

Mine is set to stealth as well.


#17 +LambdaLambdaLambdaFn


Posted 11 January 2014 - 22:16

Stealth.  Linksys WRTP54G



#18 riahc3


Posted 11 January 2014 - 22:28

Hello,

This doesn't reliably tell you if you have a backdoor in general though. The design could be such that some routers report stealth unless a magic packet is sent to the specific port... that'd be certainly the way I'd implement it myself if I were hiding a backdoor.

There is no backdoor.

#19 +devHead


Posted 11 January 2014 - 22:39

Status: STEALTH



#20 OP +warwagon


Posted 11 January 2014 - 22:40

Status: STEALTH

Yep then there is that bug where the text gets cut off.



#21 JJ_


Posted 11 January 2014 - 22:47

My router is a Belkin running Tomato USB. GRC reports the port as stealth.

#22 +snaphat (Myles Landwehr)


Posted 11 January 2014 - 22:50

Hello,
There is no backdoor.

 

I'm not sure what you are talking about. Was it discovered that there is a legitimate reason for that particular port to be open? I was under the impression that there was a specific exploitable vulnerability.



#23 Boo Berry


Posted 11 January 2014 - 22:52

Stealth.



#24 PGHammer


Posted 11 January 2014 - 23:51

Status: CLOSED (Netgear WNDR3700v4 with latest factory firmware)



#25 virtorio


Posted 12 January 2014 - 00:06

Stealth on a TP-Link TD-W8968



#26 The_Decryptor


Posted 12 January 2014 - 00:19

Ahh right. Networking isn't my forte so I was confused for a moment. Cheers guys. (Y)


Ehh, Stealth isn't any more secure than Closed, it just gives the idea that the system is powered off (Because at this point it's not like you'll find an unused IPv4 address). I set up my firewall to close connections (So it reports as closed, funnily enough) because it's faster than dropping them (The other system will retry) and it's easier to deal with debugging in that case.

Responding to pings would give an attacker more information (Yet, is still just as harmless)

#27 TPreston


Posted 12 January 2014 - 00:21

32764   Closed   Unknown Protocol for this port
                 Unknown Application for this port

877w

#28 ReimondX


Posted 12 January 2014 - 01:11

Netgear RP614v4

 


Port    Status   Protocol and Application
32764   Stealth  Unknown Protocol for this port
                 Unknown Application for this port
 
I would have to manually set this port open from the router's firewall settings by Port Forwarding and Adding a Custom Service.


#29 +theblazingangel


Posted 12 January 2014 - 01:29

I am concerned here that people may be misunderstanding what the result given by the grc link actually means. I think some clarification is needed...

 

Everyone, the result you are getting does not necessarily mean what you think it does! Please understand the following:

 

The scan provided by grc only performs a REMOTE scan against the EXTERNAL/internet-facing port on your router. Very few of the routers with this vulnerability/backdoor (those by far the most at risk) actually expose this backdoor externally (see the list on the github page). While a stealth/closed result on the external side is good, your router may still be exposing the port on the local side, to all hosts within your LAN. This is less critical than external exposure, but nevertheless may still be something you should be concerned about.

 

Why? Well, any malware, on any machine on your LAN (or VM with an active NAT/bridged network adapter), has the opportunity to connect to and compromise your router. Similarly an attacker who has compromised a machine/VM could do so.

 

So? So, a compromised router can, for example, open up additional external ports, allowing attackers through your router's NAT and firewall to hosts on your LAN, potentially leading to compromise via exposed vulnerable services. Another possibility is that a compromised router could provide a platform for man-in-the-middle attacks against all hosts on your LAN (when connecting externally to something).

 

edit: To know whether your router has this backdoor on the LAN side, check the list of routers provided in the github link. If your router isn't listed, or you want to check for yourself anyway, visit some of the other links provided in the first post to find some methods to do so.
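
Added example, not part of the post above: a LAN-side check for the point this post makes, meant to be run from a Linux machine behind your own router. It reads the default gateway from /proc/net/route and reports port 32764 in the same open/closed/stealth terms GRC uses; the function names, the "unreachable" label and the sample routing table are assumptions made for this example.

```python
import socket
import struct

BACKDOOR_PORT = 32764  # the port this thread is about

# Constructed sample of Linux /proc/net/route text (not from a real host).
SAMPLE_ROUTE_TABLE = """\
Iface Destination Gateway  Flags RefCnt Use Metric Mask     MTU Window IRTT
eth0  00000000    0101A8C0 0003  0      0   100    00000000 0   0      0
eth0  0001A8C0    00000000 0001  0      0   100    00FFFFFF 0   0      0
"""

def default_gateway(route_table):
    """Return the default gateway's IPv4 address from /proc/net/route text."""
    for line in route_table.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 4:
            continue
        dest, gateway, flags = fields[1], fields[2], int(fields[3], 16)
        if dest == "00000000" and flags & 0x2:  # 0x2 = RTF_GATEWAY
            # Hex is in host byte order; little-endian assumed (x86, most ARM).
            return socket.inet_ntoa(struct.pack("<L", int(gateway, 16)))
    return None

def classify_port(host, port=BACKDOOR_PORT, timeout=3.0,
                  connect=socket.create_connection):
    """Classify a TCP port as 'open', 'closed', 'stealth' or 'unreachable'."""
    try:
        conn = connect((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "closed"       # a RST came back: nothing is listening
    except socket.timeout:
        return "stealth"      # no answer at all: the SYN was dropped
    except OSError:
        return "unreachable"  # e.g. no route to the host
    conn.close()              # handshake completed; send nothing further
    return "open"

if __name__ == "__main__":
    with open("/proc/net/route") as fh:
        router = default_gateway(fh.read())
    if router is None:
        raise SystemExit("no default gateway found")
    state = classify_port(router)
    print(f"{router}:{BACKDOOR_PORT} seen from the LAN side: {state}")
```

An "open" result only shows that something on the router accepts TCP connections on that port from the LAN; the router list mentioned in the post is still the reference for whether a given model is affected.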



#30 +snaphat (Myles Landwehr)


Posted 12 January 2014 - 01:30


^awesome point