Jump to content



Photo

Click here to see if your router is listening on port 32764


  • Please log in to reply
90 replies to this topic

Poll: Was your router listening on port 32764?

Was your router listening on port 32764?

You cannot see the results of the poll until you have voted. Please login and cast your vote to see the results of this poll.
Vote Guests cannot vote

#31 The_Decryptor

The_Decryptor

    STEAL THE DECLARATION OF INDEPENDENCE

  • Tech Issues Solved: 5
  • Joined: 28-September 02
  • Location: Sol System
  • OS: iSymbian 9.2 SP24.8 Mars Bar

Posted 12 January 2014 - 01:45

To be fair, a perfectly working router with UPnP/NAT-PMP/PCP can be told to open ports in the firewall without needing a backdoor.


#32 Blueclub

Blueclub

    Neowinian

  • Joined: 15-October 05
  • Location: Karachi, Pakistan
  • OS: Windows 8.1 Pro x64
  • Phone: OnePlus One

Posted 12 January 2014 - 01:50

Stealth for me :)



#33 +theblazingangel

theblazingangel

    Software Engineer

  • Tech Issues Solved: 5
  • Joined: 25-March 04
  • Location: England, UK

Posted 12 January 2014 - 02:03

To be fair, a perfectly working router with UPnP/NAT-PMP/PCP can be told to open ports in the firewall without needing a backdoor.

 

Open ports, yes fair point, but while opening ports via UPNP/etc may lead to some level of compromise of hosts via temporary hole punching, this backdoor, depending on precisely what is possible (which seems to be lots from a cursory read), provides much more potential power to an attacker. This includes persistent access into a network; a man-in-the-middle platform as already mentioned; and potentially the ability to sniff LAN-host to LAN-host traffic. It could also potentially allow an attacker to use the router as an anonymous proxy and thus could even result in a visit from law enforcement mistakenly arresting you for illegal activity of the attacker. Furthermore, exposure via UPNP can be fixed simply with a configuration change, while a properly compromised router could present much more of a challenge.



#34 +devHead

devHead

    Get Off The Bandwagon, Put Down The Handbook

  • Tech Issues Solved: 2
  • Joined: 08-August 01
  • Location: Arizona... Among The Trees
  • OS: Windows 8.1 Pro
  • Phone: Nokia Lumia 521

Posted 12 January 2014 - 02:12

Yep then there is that bug where the text gets cut off.

yeah, what's up with that?



#35 Raa

Raa

    Resident president

  • Tech Issues Solved: 5
  • Joined: 03-April 02
  • Location: NSW, Australia

Posted 12 January 2014 - 02:45

Stealth, as expected.



#36 primexx

primexx

    Neowinian Senior

  • Tech Issues Solved: 6
  • Joined: 24-April 05

Posted 12 January 2014 - 05:49

isn't the 32764 exploit listening in on your LAN? You should be trying to go to routerip:32764 from inside your network to see if it returns anything no?



#37 Aheer.R.S.

Aheer.R.S.

    I cannot Teach Him, the Boy has no Patience!

  • Tech Issues Solved: 9
  • Joined: 15-October 10

Posted 12 January 2014 - 05:52

Cisco or Linksys, (take your pick) Stock firmware E4200 status Stealth

 

My thanks to Warwagon for the link I was curious about my settings as I haven't installed ddwrt



#38 hyde+

hyde+

    High Definition

  • Joined: 28-September 07
  • Location: New York

Posted 12 January 2014 - 06:08

Can we just use this website to probe all ports and have it report back if it finds any vulnerable ports open / apps running? For example, at our office, we use SQL and we forward a random port from external to a different random port internally that corresponds to our SQL database so our remote users can access it.

We get tons of probes from random hackers, of course we have several security measures, simplest being allowed IP blocks, Mac addresses, etc.. So when someone outside these IP ranges or mac addresses probe that port, they immediately get blocked, and blocked forever.

 

At home, we don't have such setup, so I would love to have something proble all 65535  and report back, is this possible?

I used ShieldsUP! and got

 

 

THE EQUIPMENT AT THE TARGET IP ADDRESS
DID NOT RESPOND TO OUR UPnP PROBES!

 

But I don't think this scans all open ports/etc..

 

PS:

Result of my budget TP LINK WDR3600, Stealth.



#39 riahc3

riahc3

    Neowin's most indecisive member

  • Tech Issues Solved: 11
  • Joined: 09-April 03
  • Location: Spain
  • OS: Windows 7
  • Phone: HTC Desire Z

Posted 12 January 2014 - 06:13

Hello,

I'm not sure you what you are talking about. Was it discovered that there is legitimate reason for that particular port to be open? I was under the impression that there was a specific exploitable vulnerability.

If YOU (not 1000s of documents/videos/articles/pictures/etc "leaked" on the internet) can prove that this mysterious port is a backdoor, then I will first apologize then I will fully believe you.

Till then, there is no backdoor.

#40 primexx

primexx

    Neowinian Senior

  • Tech Issues Solved: 6
  • Joined: 24-April 05

Posted 12 January 2014 - 06:23

Hello,
If YOU (not 1000s of documents/videos/articles/pictures/etc "leaked" on the internet) can prove that this mysterious port is a backdoor, then I will first apologize then I will fully believe you.

Till then, there is no backdoor.

 

 

the whole point of a backdoor is to not be obviously identifiable as one. granted, they usually suck at actually achieving this, but then again we only ever notice the bad ones because the good ones never get detected.

 

in any case, whether it's an intentional backdoor or not, it's certainly been well established that there's an exploitable security vulnerability. do you think someone who got hit via it will care whether someone put it there on purpose or was just bad at their job?



#41 riahc3

riahc3

    Neowin's most indecisive member

  • Tech Issues Solved: 11
  • Joined: 09-April 03
  • Location: Spain
  • OS: Windows 7
  • Phone: HTC Desire Z

Posted 12 January 2014 - 06:27

Hello,

the whole point of a backdoor is to not be obviously identifiable as one. granted, they usually suck at actually achieving this, but then again we only ever notice the bad ones because the good ones never get detected.
 
in any case, whether it's an intentional backdoor or not, it's certainly been well established that there's an exploitable security vulnerability. do you think someone who got hit via it will care whether someone put it there on purpose or was just bad at their job?

the whole point of a alien sighting is to not be obviously identifiable as one. granted, they usually suck at actually achieving this, but then again we only ever notice the bad ones because the good ones never get detected.
 
in any case, whether it's an intentional alien sighting or not, it's certainly been well established that there are alien sightings. do you think someone who saw them will care whether someone let themselves be seen on purpose or was just bad at their job?

See what I did there? ;) (Wording is a bit off but...)

#42 The_Decryptor

The_Decryptor

    STEAL THE DECLARATION OF INDEPENDENCE

  • Tech Issues Solved: 5
  • Joined: 28-September 02
  • Location: Sol System
  • OS: iSymbian 9.2 SP24.8 Mars Bar

Posted 12 January 2014 - 06:27

Hello,
If YOU (not 1000s of documents/videos/articles/pictures/etc "leaked" on the internet) can prove that this mysterious port is a backdoor, then I will first apologize then I will fully believe you.

Till then, there is no backdoor.


It's either a backdoor or a developer tool they somehow left in.

One of the things is does is give the connected user a dump of all the operating variables, including the access passwords and the wifi passwords.

#43 riahc3

riahc3

    Neowin's most indecisive member

  • Tech Issues Solved: 11
  • Joined: 09-April 03
  • Location: Spain
  • OS: Windows 7
  • Phone: HTC Desire Z

Posted 12 January 2014 - 06:30

Hello,

It's either a backdoor or a developer tool they somehow left in.

One of the things is does is give the connected user a dump of all the operating variables, including the access passwords and the wifi passwords.

So now it is a developer tool they somehow left in....

OK; Can you do this? Generate a dump of all the operating variables of a remote router?

#44 The Dark Knight

The Dark Knight

    Neowinian Senior

  • Joined: 06-June 04
  • OS: Windows 8 Pro x64
  • Phone: Nexus 4

Posted 12 January 2014 - 06:33

Stealth over here. ASUS RT-N56U running custom firmware. :)



#45 +snaphat (Myles Landwehr)

snaphat (Myles Landwehr)

    Electrical & Computer Engineer

  • Tech Issues Solved: 29
  • Joined: 23-August 05
  • OS: Win/Lin/Bsd/Osx
  • Phone: dumb phone

Posted 12 January 2014 - 06:38

Hello,
So now it is a developer tool they somehow left in....

OK; Can you do this? Generate a dump of all the operating variables of a remote router?

 

It literally gives you shell access, allows you dump ram contents, get configuration variables, restore default settings, allows you to switch to bridge mode, gives you the ability to perform buffer overflows, etc. This is pretty much the definition of a backdoor from a security standpoint. ANY unauthorized and undocumented access ability is a backdoor regardless of whether it is a developer tool or not.

 

And, no I'm not testing this out (especially considering I don't actually own any susceptible hardware). You'll have to take the word of the Internet for it. No reason to doubt it is true though.