Port 0 on grc.com


I know a lot of people take the grc site with a grain of salt, but sometimes when I test a computer at that site, https://www.grc.com/x/ne.dll?bh0bkyd2 I get a blue square on port 0 which states:

 

Purpose: 
Not a valid port number.

Description: 
"Port Zero" does not officially exist. It is defined as an invalid port number. But valid Internet packets can be formed and sent "over the wire" to and from "port 0" just as with any other ports.

 

I just ran back to back tests on that site and got a blue square on the first test and a green square for port 0 on second test. Don't see anything in their FAQ's about it and e-mail is useless to them. Is that site even more screwed up than usual and need to use BIGGER grains of salt now, or what?

 

Thanks

 

 


You mean you get blue - ie "closed" vs failed (red) and their nonsense term of "stealth" green ;)


 

If that gets back a closed answer that just means something answered, could have been a reject or ICMP message saying hey nothing here sort of thing..

 

Normally your firewall should not answer to a port 0 dest, etc.   Could be something between you and them as well.. Might not actually be your firewall.

 

 

 

 


20 minutes ago, cork1958 said:

I know a lot of people take the grc site with a grain of salt, but sometimes when I test a computer at that site, https://www.grc.com/x/ne.dll?bh0bkyd2 I get a blue square on port 0 which states:

 

Purpose: 
Not a valid port number.

Description: 
"Port Zero" does not officially exist. It is defined as an invalid port number. But valid Internet packets can be formed and sent "over the wire" to and from "port 0" just as with any other ports.

 

I just ran back to back tests on that site and got a blue square on the first test and a green square for port 0 on second test. Don't see anything in their FAQ's about it and e-mail is useless to them. Is that site even more screwed up than usual and need to use BIGGER grains of salt now, or what?

 

Thanks

 

 

Garbage site. Who is your ISP? Most block port 0 as it is. 


I'm not worried really, just odd that this only started showing up recently. Usually get this, as I did just now. Charter/Spectrum is my ISP.


4 minutes ago, warwagon said:

Not a garbage site.

Wow! Did you really say that!! Don't think I've ever heard anyone say that out loud!!


1 minute ago, cork1958 said:

I'm not worried really, just odd that this only started showing up recently. Usually get this.


Correct. That is what most people should get. But if someone unbeknownst to them had UPnP enabled on their router and something poked a hole in their router on a common service port. This would show it.


4 minutes ago, cork1958 said:

 

Wow! Did you really say that!! Don't think I've ever heard anyone say that out loud!!

I am one of those people who do not dislike Steve Gibson. I for one am excited for the next version of SpinRite. I've used his password generator for a few things. I'm a huge believer in the potential in SQRL.


3 minutes ago, Nick H. said:

 

Compelling arguments from both sides... :rofl:

Mine is supported by anyone who understands networking though ;)

 

Also, any site that gives two different test results in the same environment...is by definition, garbage.


2 minutes ago, warwagon said:

I am one of those people who do not dislike steve gibson.

Can't say as I dislike him or his site, and I've tested on his site for years, but this is just weird that only within the last month or so that I've seen the blue square on port 0.


1 minute ago, adrynalyne said:

Mine is supported by anyone who understands networking though ;)

Yes ok, so he shows 0 in blue. What about when he shows a person a port in red they were not aware was open?


2 minutes ago, cork1958 said:

Can't say as I dislike him or his site, and I've tested on his site for years, but this is just weird that only within the last month or so that I've seen the blue square on port 0.

Honestly, like or dislike of a person has nothing to do with the quality of a site.


2 minutes ago, adrynalyne said:

Honestly, like or dislike of a person has nothing to with a quality of a site.

What's wrong with the quality of his site? It might look dated but it's functional. His menus don't require JavaScript to work and it loads great on slower connections.


Yeah he is like the 1 fan ;)

 

I don't have a problem with a port tester - it can come in handy.. And don't have a problem with him trying to get security issues out to the masses.. What I have a problem with is the sky is falling tactics he has used over the years, etc.  Remember how raw sockets were going to "break" the internet as we knew it.. 

 

As to taking anything he says with a "grain" of salt - yeah would agree with that assessment... The whole shaker would be good to use ;)


They are sending back answer to it being blocked?  Not something would ever do on internet to be honest.. But yeah that could explain a "blue" response ie closed vs "stealth" ;)


1 minute ago, BudMan said:

Yeah he is like the 1 fan ;)

 

I don't have a problem with a port tester - it can come in handy.. And don't have a problem with him trying to get security issues out to the masses.. What I have a problem with is the sky is falling tactics he has used over the years, etc.  Remember how raw sockets were going to "break" the internet as we knew it.. 

 

As to taking anything he says with a "grain" of salt - yeah would agree with that assessment... The whole shaker would be good to use ;)

Added emphasis ;)

Just now, Mindovermaster said:

I'm on Spectrum and I see it OK. hm...

Define seeing it? Via grc?

 

*Tosses a salt shaker your way*


4 minutes ago, adrynalyne said:

Define seeing it? Via grc?

 

*Tosses a salt shaker your way*

oh, totally missed that part, nevermind...

 

*tosses salt to Cork*


6 minutes ago, Mindovermaster said:

oh, totally missed that part, nevermind...

 

*tosses salt to Cork*

Yep, already had the salt shaker setting here when I first posted this topic. Knew what kind of comments would be coming! Makes it even more odd then if Charter is blocking that port and I'm "stealthed" that I see a blue square there.

 

OK, like I said, not really worried about it and salt shaker is almost empty already.

 

Thanks for the replies.


Here is what I suggest when running those sorts of scans when you get back something that doesn't make sense... Like a closed when it should be stealth, or an open when you know you have it off, etc.

 

Sniff at your end, on your firewall... Do you see something to port 0?  Do you see your firewall send anything back?

 

11:46:34.940691 IP 4.79.142.206.49126 > 64.53.x.x.0: tcp 0
11:46:34.940795 IP 4.79.142.206.49126 > 64.53.x.x.0: tcp 0

So there for example is the grc site sending traffic to port 0... But there is no answer from my end... If you never see it, then something upstream of you answered.  If you see it and you answered - then your firewall is misconfigured.

 

Here are the specific rules that block/drop that traffic:

block drop quick inet proto tcp from any port = 0 to any label "Block traffic from port 0"
block drop quick inet proto udp from any port = 0 to any label "Block traffic from port 0"
block drop quick inet proto tcp from any to any port = 0 label "Block traffic to port 0"
block drop quick inet proto udp from any to any port = 0 label "Block traffic to port 0"
block drop quick inet6 proto tcp from any port = 0 to any label "Block traffic from port 0"
block drop quick inet6 proto udp from any port = 0 to any label "Block traffic from port 0"
block drop quick inet6 proto tcp from any to any port = 0 label "Block traffic to port 0"
block drop quick inet6 proto udp from any to any port = 0 label "Block traffic to port 0"

Here is the other thing this just pure and utter scare tactics to the typical users..  Give me a break.. It sure and the hell should not be worded this way..

 

443
HTTPS
OPEN! The presence of this secure web port in your system implies that this system is establishing secure connections with web browsers. The number one reason for doing this is the transmission of credit card information. This implies that the successful intruder could access the web server's credit card database and score bigtime. This is a VERY bad port to have open unless you are actually conducting secure web commerce!

 

This is just BS plain and simple... Maybe the user has a website open showing their kids pictures to their grandma..  And being that they have grandma login, this should be over https..   This could be worded better for sure showing this is open..   How about something like

 

443 (https) was found open - please validate you have done this on purpose vs say your routers web gui being open to the public on accident.

 

These big FAILED stamps...

 


 

Who says anything failed?  The ports found to be open are on PURPOSE... So that is not a fail, my IP responds to ping - because I set it to do that, etc.. Him calling out FAILED is yet again him screaming the sky is falling sort of nonsense..
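
The check described in the post above, as an added example that is not part of the original thread or any poster's code: it reads tcpdump-style lines shaped like the capture quoted in the post and reports whether the port 0 probe never arrived, arrived and was dropped, or was answered from the local address. The function name, the documentation-range addresses and the sample lines are constructed for illustration, and the ICMP line format is an assumption.

```python
import re

# One tcpdump-style summary line, same shape as the capture quoted in the post:
#   "11:46:34.940691 IP 4.79.142.206.49126 > 64.53.x.x.0: tcp 0"
# The trailing ".port" is optional so ICMP lines (addresses only) also parse.
ADDR = r"(\d+(?:\.\d+){3})(?:\.(\d+))?"
LINE = re.compile(rf"^\S+ IP {ADDR} > {ADDR}: (.*)$")


def classify_port0(capture_lines, wan_ip):
    """Return 'not-seen', 'dropped' or 'answered' for port 0 probes to wan_ip."""
    probed_by = set()    # remote hosts that sent something to wan_ip port 0
    answered_to = set()  # remote hosts that wan_ip replied to about port 0
    for line in capture_lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # not an IPv4 packet summary line
        src, sport, dst, dport, rest = m.groups()
        if dst == wan_ip and dport == "0":
            probed_by.add(src)
        elif src == wan_ip and sport == "0":
            answered_to.add(dst)  # TCP reply (a reject) sourced from port 0
        elif src == wan_ip and "port 0 unreachable" in rest:
            answered_to.add(dst)  # ICMP port-unreachable sent for the probe
    if not probed_by:
        return "not-seen"  # probe never arrived: something upstream answered
    if probed_by & answered_to:
        return "answered"  # the local firewall replied: review its rules
    return "dropped"       # probe arrived and was silently dropped


# Constructed sample captures (documentation addresses, not from the thread).
WAN = "198.51.100.7"
PROBE = "11:46:34.940691 IP 203.0.113.10.49126 > 198.51.100.7.0: tcp 0"
DROPPED = [PROBE, PROBE]
ANSWERED = [PROBE, "11:46:34.940912 IP 198.51.100.7.0 > 203.0.113.10.49126: tcp 0"]
REJECTED = [PROBE, "11:46:34.940912 IP 198.51.100.7 > 203.0.113.10: "
                   "ICMP 198.51.100.7 tcp port 0 unreachable, length 48"]
UPSTREAM = ["11:46:35.001200 IP 203.0.113.10.49127 > 198.51.100.7.443: tcp 0"]

if __name__ == "__main__":
    for name, cap in [("dropped", DROPPED), ("answered", ANSWERED),
                      ("rejected", REJECTED), ("upstream", UPSTREAM)]:
        print(name, "->", classify_port0(cap, WAN))
```

A "dropped" result with a blue square on the scan still points upstream, since the local firewall sent nothing back.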

 
