Jump to content



Photo

Click here to see if your router is listening on port 32764


  • Please log in to reply
90 replies to this topic

Poll: Was your router listening on port 32764?

Was your router listening on port 32764?

You cannot see the results of the poll until you have voted. Please login and cast your vote to see the results of this poll.
Vote Guests cannot vote

#76 Ironman273

Ironman273

    Neowinian Fanatic

  • Tech Issues Solved: 4
  • Joined: 26-October 01
  • Location: Florida
  • OS: Windows 8.1 Pro (Work) Windows 10 (Home)
  • Phone: Blu Win HD W510u

Posted 14 January 2014 - 18:36

So is this FUD?  So far over 100 closed ports.




#77 +MikeChipshop

MikeChipshop

    Miniman

  • Tech Issues Solved: 3
  • Joined: 02-October 06
  • Location: Scotland
  • OS: Windows 8, iOS, Android, WP8
  • Phone: HTC 8X / Nexus 5

Posted 14 January 2014 - 18:44

Normally i have to travel and pay a lot more to have my port probed.

 

 

*stealth



#78 Lant

Lant

    Neowinian Senior

  • Tech Issues Solved: 1
  • Joined: 13-April 06

Posted 14 January 2014 - 19:56

Mine is closed, I already fixed the back door by forwarding the packets to an IP address that DHCP will never allocate.



#79 Hardcore Til I Die

Hardcore Til I Die

    Neowinian Senior

  • Joined: 18-February 07
  • Location: England

Posted 14 January 2014 - 20:04

Stealth :D 



#80 +snaphat (Myles Landwehr)

snaphat (Myles Landwehr)

    Electrical & Computer Engineer

  • Tech Issues Solved: 29
  • Joined: 23-August 05
  • OS: Win/Lin/Bsd/Osx
  • Phone: dumb phone

Posted 14 January 2014 - 22:06

So is this FUD?  So far over 100 closed ports.

You probably just don't have a router with the particular port open. It's probably easier to look up a list of affected devices.



#81 JJ_

JJ_

    Neowinian

  • Tech Issues Solved: 2
  • Joined: 31-July 05

Posted 14 January 2014 - 22:44

I wonder who voted yes.  :woot: Reading on the reports online, the affected routers listen on the LAN side so isn't the online GRC tool is useless for scanning for this vulnerability? Unless they offer a downloadable utility that can check LAN side



#82 Reverend Spam

Reverend Spam

    Neowinian Senior

  • Joined: 16-April 05
  • Location: Providence, RI, US
  • OS: Windows 8
  • Phone: Droid Bionic

Posted 14 January 2014 - 22:57

The port is closed....  On my anonymous VPN connection somewhere in Switzerland... :-p



#83 Ironman273

Ironman273

    Neowinian Fanatic

  • Tech Issues Solved: 4
  • Joined: 26-October 01
  • Location: Florida
  • OS: Windows 8.1 Pro (Work) Windows 10 (Home)
  • Phone: Blu Win HD W510u

Posted 14 January 2014 - 23:11

You probably just don't have a router with the particular port open. It's probably easier to look up a list of affected devices.

I meant more than just mine.  It seems like everyone (except one yes who hasn't said so in the comments) has it closed.  If it was such a huge issue I would imagine you'd find more than 1 router open (who I still think is a troll vote) from a sampling of 130.  



#84 +theblazingangel

theblazingangel

    Software Engineer

  • Tech Issues Solved: 6
  • Joined: 25-March 04
  • Location: England, UK

Posted 15 January 2014 - 00:37

I wonder who voted yes.  :woot: Reading on the reports online, the affected routers listen on the LAN side so isn't the online GRC tool is useless for scanning for this vulnerability? Unless they offer a downloadable utility that can check LAN side

 

Most of those affected listen on the LAN side, and so yes you are correct in believing that the GRC scan is useless in that regard, as I tried to point out to everyone on page 1 or 2. There are a small number though which do actually listen on the WAN side. The github link in the first post has a list of a number of the routers affected.

 

I meant more than just mine.  It seems like everyone (except one yes who hasn't said so in the comments) has it closed.  If it was such a huge issue I would imagine you'd find more than 1 router open (who I still think is a troll vote) from a sampling of 130.  

 

This is a tiny sample. How many millions of home routers/gateways are there out there connecting people to the internet? I think that it's absurd to draw conclusions about how wide spread / big a problem this is from 130 results. Furthermore, there is no indication that the majority of the people voting/replying here even damn well understand it properly. I tried to point out and explain to everyone how the link in the first post only scans the WAN side, not the LAN side, but after six pages there is no indication that the majority have listened, we're just getting a whole load of "stealth :D" type posts with no indication of whether they've simply only tested their WAN side with the grc link (most probable) or actually checked their LAN side also (sadly unlikely is my impression). Since the number of routers exposing this on the WAN side is much fewer than on the LAN side, taking into account that people here don't seem to understand, that further reduces any possible usefulness of this poll in determining the size of the problem.



#85 +theblazingangel

theblazingangel

    Software Engineer

  • Tech Issues Solved: 6
  • Joined: 25-March 04
  • Location: England, UK

Posted 15 January 2014 - 00:43

I think anyone else who replies here with the result for their router who shows no indication of even being aware of the WAN/LAN issue I've brought up in this thread deserves a smack round the back of their head :rolleyes: 



#86 +snaphat (Myles Landwehr)

snaphat (Myles Landwehr)

    Electrical & Computer Engineer

  • Tech Issues Solved: 29
  • Joined: 23-August 05
  • OS: Win/Lin/Bsd/Osx
  • Phone: dumb phone

Posted 15 January 2014 - 00:45

I meant more than just mine.  It seems like everyone (except one yes who hasn't said so in the comments) has it closed.  If it was such a huge issue I would imagine you'd find more than 1 router open (who I still think is a troll vote) from a sampling of 130.  

There are only 6 known consumer routers that listen over the Internet and they are either really old (wireless G era) or have really bad ratings. I rather doubt anyone here is running them:

Cisco WAP4410N-E 2.0.1.0, 2.0.3.3, 2.0.4.2, 2.0.6.1 (issue 44)
Linksys WAG120N (@p_w999)
Netgear DG834B V5.01.14 (@domainzero)
Netgear DGN2000 1.1.1, 1.1.11.0, 1.3.10.0, 1.3.11.0, 1.3.12.0 (issue 44)
Netgear WPNT834 (issue 79)
OpenWAG200 maybe a little bit TOO open ;) (issue 49)
 

I think anyone else who replies here with the result for their router who shows no indication of even being aware of the WAN/LAN issue I've brought up in this thread deserves a smack round the back of their head  :rolleyes:

They sure do, considering that vast majority of the affected routers are not listening over WAN.
 


#87 The_Decryptor

The_Decryptor

    STEAL THE DECLARATION OF INDEPENDENCE

  • Tech Issues Solved: 5
  • Joined: 28-September 02
  • Location: Sol System
  • OS: iSymbian 9.2 SP24.8 Mars Bar

Posted 15 January 2014 - 03:06

Not really, everything is blind to anything internal when the gateway is behind a NAT for the simple reason. Every router will drop every packet incoming if it has no entry on the translation table. The only way to 'poke' a hole through NAT is by a client sending a message out on that port, after that any incoming traffic which comes in on that port will be sent to that client.
 
The 360 and X1 used to sometimes get round this by using a flavour of UPnP but it uses the same ideology that the client sends a packet, in which then the servers initiates the stream. UPnP is a standard for how clients establish an entry in the translation table and prompt the device to transmit, but it has to be initiated by the client.
 
So if you wanted to open a port to a client on a LAN behind a NAT for malicious purposes, you have to install some malware on the device you want and time it to be able to send packets at specific times. Keeping in mind that a router will usually drop a entry in the NAT table after only a couple of seconds of inactivity from that client.


I'm pretty sure the Xbone doesn't use UPnP (From reading what the network guys at Microsoft have said, and from the fact that my Xbone doesn't ask for any ports to be opened), apparently it only had around a 25% success rate on the 360 so they didn't bother with it on the One (Considering the Xbone is designed for IPv6 first, falling back to Teredo, so you either don't have a NAT, or rely on NAT traversal anyway)

#88 adrynalyne

adrynalyne

    Neowinian Senior

  • Tech Issues Solved: 1
  • Joined: 29-November 09

Posted 15 January 2014 - 04:08

Normally i have to travel and pay a lot more to have my port probed.

 

 

*stealth

Its cheaper to probe it yourself.



#89 Praetor

Praetor

    ASCii / ANSi Designer

  • Tech Issues Solved: 5
  • Joined: 05-June 02
  • Location: Lisbon
  • OS: Windows Eight dot One dot One 1!one

Posted 15 January 2014 - 04:21

A couple of years ago (2011 or 2012 i guess?) my ancient router had this PPPoE password that i forgot it; so when i was configuring the newer router to replace that one i need that dial up password for my crappy ADSL connection.

 

So what i did?

Instead of wasting 2 minutes calling the support requesting a reset on the password, i went to see what technologies this router supported; for my shock and surprise, that router responded to telnet :); so in a (nut)shell i start trowing commands to see if anything would stick, but no joy (yeah i did know the router password but it was in a encrypted store and it was a hassle for me to go fetch it so...); a couple of Google searches told me that this router had a know hack so it was possible from outside of the private network to reset the router password, knowing only the public IP of current connection; did that and after getting telnet access to the router with a new password, i could dump the configs; all the passwords were stored in Base64 so it was very easy to decode them.

After that not only i was in possession of the PPPoE password but the root password of the router that my ISP used as well, the default website and password they used for accessing the router in support mode (for troubleshooting the router with their software with an ISP helpdesk protocol) and a bunch of pertinent and personal info that was stored in that router, no ideia why. It was a good 2 hours checking all that data i just got but more usefull then a 2 minute call for the support.

 

Got angry because that was a consumer router that my ISP "offered" me and it was never updated by them; the router even had OpenSSH but the version was so damn old it couldn't do anything else. And the vulnerability this router has (it's still unfixed) are really troublesome because with a simple script one can reboot this router remotely for ever, in a DoS so silly it's ridiculous.

 

Was my ISP warned about this? Yup. Did they care? Nope (one of the techs was loling hard about the whole situation because i was using an ancient router... i had that router for only 4 years!) :|

So why this story? It's not made up; vulnerabilities exist and backdoors exist as well; the objectives of the first are clear (bad security or programming leading to holes ready to be exploited) but the second either are intensional or not; if they are then by whom? The OEMs that build those routers or some other agency that got hold of them? Either way it's troublesome to think that people get crazy about wireless passwords in their home router when in fact the router could be completely exploited by other means, without the user even knowing it.



#90 primexx

primexx

    Neowinian Senior

  • Tech Issues Solved: 6
  • Joined: 24-April 05

Posted 15 January 2014 - 05:03

You mean you would first have to get one of the allowed mac addresses.

which is trivial if you're already on the network.

 

I wonder who voted yes.  w00t.gif Reading on the reports online, the affected routers listen on the LAN side so isn't the online GRC tool is useless for scanning for this vulnerability? Unless they offer a downloadable utility that can check LAN side

I think anyone else who replies here with the result for their router who shows no indication of even being aware of the WAN/LAN issue I've brought up in this thread deserves a smack round the back of their head rolleyes.gif

thank you! i thought I had misunderstood the whole thing when everybody here appeared to ignore my comment to the same effect.