• Sign in to Neowin Faster!

    Create an account on Neowin to contribute and support the site.

  • 0
Sign in to follow this  

Port 0 on grc.com

Question

cork1958    1,959

I know a lot of people take the grc site with a grain of salt, but some times when I test a computer at that site, https://www.grc.com/x/ne.dll?bh0bkyd2 I get a blue square on port 0 which states:

 

Purpose: 
Not a valid port number.

Description: 
"Port Zero" does not officially exist. It is defined as an invalid port number. But valid Internet packets can be formed and sent "over the wire" to and from "port 0" just as with any other ports.

 

I just ran back to back tests on that site and got a blue square on the first test and a green square for port 0 on second test. Don't see anything in their FAQ's about it and e-mail is useless to them. Is that site even more screwed up than usual and need to use BIGGER grains of salt now, or what?

 

Thanks

 

 

Share this post


Link to post
Share on other sites

23 answers to this question

Recommended Posts

  • 0
Steven P.    15,939

SNAG-0000.png

should I be worried?

 

tenor.gif

Share this post


Link to post
Share on other sites
  • 0
+BudMan    3,694

You mean you get blue - ie "closed" vs failed (red) and their nonsense term of "stealth" green ;)

closed.thumb.jpg.aa79d9ca1b14762a9ef8b2b2afd07b06.jpg

 

If that gets back a closed answer that just means something answered, could of been a reject or icmp message saying hey nothing here sort of thing..

 

Normally your firewall should not answer to a port 0 dest, etc.   Could be something between you and them as well.. Might not actually be your firewall.

 

 

 

 

  • Thanks 1

Share this post


Link to post
Share on other sites
  • 0
adrynalyne    13,551
20 minutes ago, cork1958 said:

I know a lot of people take the grc site with a grain of salt, but some times when I test a computer at that site, https://www.grc.com/x/ne.dll?bh0bkyd2 I get a blue square on port 0 which states:

 

Purpose: 
Not a valid port number.

Description: 
"Port Zero" does not officially exist. It is defined as an invalid port number. But valid Internet packets can be formed and sent "over the wire" to and from "port 0" just as with any other ports.

 

I just ran back to back tests on that site and got a blue square on the first test and a green square for port 0 on second test. Don't see anything in their FAQ's about it and e-mail is useless to them. Is that site even more screwed up than usual and need to use BIGGER grains of salt now, or what?

 

Thanks

 

 

Garbage site. Who is your ISP? Most block port 0 as it is. 

Share this post


Link to post
Share on other sites
  • 0
+warwagon    13,751
8 minutes ago, adrynalyne said:

Garbage site. Who is your ISP? Most block port 0 as it is. 

Not a garbage site.

Share this post


Link to post
Share on other sites
  • 0
cork1958    1,959

I'm not worried really, just odd that this only started showing up recently. Usually get this, as I did just now. Charter/Spectrum is my ISP.

2020-01-13 10.23.56 www.grc.com 14b2184de3e4.png

4 minutes ago, warwagon said:

Not a garbage site.

Wow! Did you really say that!! Don't think I've ever heard anyone say that out loud!!

  • Like 3

Share this post


Link to post
Share on other sites
  • 0
+warwagon    13,751
1 minute ago, cork1958 said:

I'm not worried really, just odd that this only started showing up recently. Usually get this.

2020-01-13 10.23.56 www.grc.com 14b2184de3e4.png

Correct. That is what most people should get. But if someone unbenounced to them had UPnP enabled on their router and something poked a whole in their router on a common service port. This would show it.

Share this post


Link to post
Share on other sites
  • 0
Nick H.    10,486
12 minutes ago, adrynalyne said:

Garbage site.

 

3 minutes ago, warwagon said:

Not a garbage site.

Compelling arguments from both sides... :rofl:

  • Like 1
  • Haha 2

Share this post


Link to post
Share on other sites
  • 0
+warwagon    13,751
4 minutes ago, cork1958 said:

 

Wow! Did you really say that!! Don't think I've ever heard anyone say that out loud!!

I am one of those people who do not dislike Steve Gibson. I for one am excited for the next version of spinrite. I've used his password generator for a few things. I'm a huge believer in the potential in sqrl.

Share this post


Link to post
Share on other sites
  • 0
adrynalyne    13,551
3 minutes ago, Nick H. said:

 

Compelling arguments from both sides... :rofl:

Mine is supported by anyone who understands networking though ;)

 

Also, any site that gives two different test results in the same environment...is by definition, garbage.

Share this post


Link to post
Share on other sites
  • 0
cork1958    1,959
2 minutes ago, warwagon said:

I am one of those people who do not dislike steve gibson.

Can't say as I dislike him or his site, and I've tested on his site for years, but this is just weird that only within the last month or so that I've seen the blue square on port 0.

Share this post


Link to post
Share on other sites
  • 0
+warwagon    13,751
1 minute ago, adrynalyne said:

Mine is supported by anyone who understands networking though ;)

Yes ok, so he shows 0 in blue. What about when he shows a person a port in red they were not aware was open?

Share this post


Link to post
Share on other sites
  • 0
adrynalyne    13,551
2 minutes ago, cork1958 said:

Can't say as I dislike him or his site, and I've tested on his site for years, but this is just weird that only within the last month or so that I've seen the blue square on port 0.

Honestly, like or dislike of a person has nothing to with the quality of a site.

  • Thanks 1

Share this post


Link to post
Share on other sites
  • 0
+warwagon    13,751
2 minutes ago, adrynalyne said:

Honestly, like or dislike of a person has nothing to with a quality of a site.

What's wrong with the quality of his site? It might look dated but it's functional. His menu's don't require JavaScript to work and it loads great on slower connections.

Share this post


Link to post
Share on other sites
  • 0
+BudMan    3,694

Yeah he is like the 1 fan ;)

 

I don't have a problem with a port tester - it can come in handy.. And don't have a problem with him trying to get security issues out to the masses.. What I have a problem with is the sky is falling tactics he has used over the years, etc.  Remember how raw sockets were going to "break" the internet as we knew it.. 

 

As to taking anything he says with a "grain" of salt - yeah would agree with that assessment... The whole shaker would be good to use ;)

  • Like 1

Share this post


Link to post
Share on other sites
  • 0
+BudMan    3,694

They are sending back answer to it being blocked?  Not something would ever do on internet to be honest.. But yeah that could explain a "blue" response ie closed vs "stealth" ;)

  • Haha 1

Share this post


Link to post
Share on other sites
  • 0
adrynalyne    13,551
1 minute ago, BudMan said:

Yeah he is like the 1 fan ;)

 

I don't have a problem with a port tester - it can come in handy.. And don't have a problem with him trying to get security issues out to the masses.. What I have a problem with is the sky is falling tactics he has used over the years, etc.  Remember how raw sockets were going to "break" the internet as we knew it.. 

 

As to taking anything he says with a "grain" of salt - yeah would agree with that assessment... The whole shaker would be good to use ;)

Added emphasis ;)

Just now, Mindovermaster said:

I'm on Spectrum and I see it OK. hm...

Define seeing it? Via grc?

 

*Tosses a salt shaker your way*

Share this post


Link to post
Share on other sites
  • 0
cork1958    1,959

See, just did another test using same browser and not changing anything. Seems to happen every other test or so.

 

2020-01-13 10.35.51 www.grc.com 7460588815f7.png

Share this post


Link to post
Share on other sites
  • 0
Mindovermaster    3,204
4 minutes ago, adrynalyne said:

Define seeing it? Via grc?

 

*Tosses a salt shaker your way*

oh, totally missed that part, nevermind...

 

*tosses salt to Cork*

  • Haha 1

Share this post


Link to post
Share on other sites
  • 0
cork1958    1,959
6 minutes ago, Mindovermaster said:

oh, totally missed that part, nevermind...

 

*tosses salt to Cork*

Yep, already had the salt shaker setting here when I first posted this topic. Knew what kind of comments would be coming! Makes it even more odd then if Charter is blocking that port and I'm "stealthed" that I see a blue square there.

 

OK, like I said, not really worried about it and salt shaker is almost empty already.

 

Thanks for the replies.

  • Like 1

Share this post


Link to post
Share on other sites
  • 0
+BudMan    3,694

Here is what I suggest when running those sorts of scans when you get back something that doesn't make sense... Like a closed when it should be stealth, or an open when you know you have it off, etc.

 

Sniff at your end, on your firewall... Do see something to port 0?  Do you see your firewall send anything back?

 

11:46:34.940691 IP 4.79.142.206.49126 > 64.53.x.x.0: tcp 0
11:46:34.940795 IP 4.79.142.206.49126 > 64.53.x.x.0: tcp 0

So there for example is the grc site sending traffic to port 0... But there is no answer from my end... If you never see it, then something upstream of you answered.  If you see it an you answered - then your firewall is misconfigured.

 

here are the specific rules that block/drop that traffic

block drop quick inet proto tcp from any port = 0 to any label "Block traffic from port 0"
block drop quick inet proto udp from any port = 0 to any label "Block traffic from port 0"
block drop quick inet proto tcp from any to any port = 0 label "Block traffic to port 0"
block drop quick inet proto udp from any to any port = 0 label "Block traffic to port 0"
block drop quick inet6 proto tcp from any port = 0 to any label "Block traffic from port 0"
block drop quick inet6 proto udp from any port = 0 to any label "Block traffic from port 0"
block drop quick inet6 proto tcp from any to any port = 0 label "Block traffic to port 0"
block drop quick inet6 proto udp from any to any port = 0 label "Block traffic to port 0"

Here is the other thing this just pure and utter scare tactics to the typical users..  Give me a break.. It sure and the hell should not be worded this way..

 

443
HTTPS
OPEN!The presence of this secure web port in your system implies that this system is establishing secure connections with web browsers. The number one reason for doing this is the transmission of credit card information. This implies that the successful intruder could access the web server's credit card database and score bigtime. This is a VERY bad port to have open unless you are actually conducting secure web commerce!

 

This is just BS plain and simple... Maybe the user has a website open showing their kids pictures to their grandma..  And being that they have grandma login, this should be over https..   This could be worded better for sure showing this is open..   How about something like

 

443 (https) was found open - please validate you have done this on purpose vs say your routers web gui being open to the public on accident.

 

These big FAILED stamps...

 

FAILEd.thumb.jpg.6c4a03fb06c57aa1d6529ee9ebf7f283.jpg

 

Who says anything failed?  The ports found to be open are on PURPOSE... So that is not a fail, my IP responds to ping - because I set it to do that, etc.. Him calling out FAILED is yet again him screaming the sky is falling sort of nonsense..

 

  • Like 1

Share this post


Link to post
Share on other sites
  • 0
Steven P.    15,939

I'd pay good money to see/hear @BudMan have a rap battle with Steve Gibson :) 

  • Like 2
  • Haha 3

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.