Mixed port-scan results. Advice needed.
Zonkd

Very Senior Member
I have scanned my WAN IP with different tools and it is unclear if my router ports are actually closed.
Scans using nmap and iPhone apps show many open tcp ports (21,80,443,5222,5223,5228,5229,5230)
Scans using popular websites like Whatsmyip and GRC Shields-up report that all those ports are closed or stealth?

Is there a better way to confirm if ports are closed? I'm confused why I see mixed results.

----------------------------------------------------------------------

GRC Port Authority Report created on UTC: 2019-02-13 at 17:16:32

Results from scan of ports: 0, 21-23, 25, 79, 80, 110, 113,
119, 135, 139, 143, 389, 443, 445,
1002, 1024-1030, 1720, 5000

0 Ports Open
0 Ports Closed
26 Ports Stealth
---------------------
26 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: PASSED - ALL tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.

----------------------------------------------------------------------
----------------------------------------------------------------------

GRC Port Authority Report created on UTC: 2019-02-13 at 17:20:46

Results from scan of ports: 0-1055

0 Ports Open
0 Ports Closed
1056 Ports Stealth
---------------------
1056 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: PASSED - ALL tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.

----------------------------------------------------------------------

I wonder if this may be to do with the ISP router I placed in bridged mode for ASUS to use as modem without double NAT. Could port scans be detecting the bridged modem-router?

Observation: When I port scan I don't see it in Skynet logs as being blocked or dropped. Is that normal?
 
I have done Gibson ShieldsUP! scans. They have always returned all stealth. I had no reason to doubt this.

Recently I enabled IPSEC VPN on my router. So I ran ShieldsUP! again but just custom scan of ports 500 and 4500. It comes back stealth. This cannot be accurate. When I looked at my syslog configured in Skynet to include invalid packets, sure enough, the GRC probes were blocked as invalid.
 
There's a difference between scanning your WAN interface (i.e. GRC) and scanning your LAN interface. (If that's what you're doing)
 
> There's a difference between scanning your WAN interface (i.e. GRC) and scanning your LAN interface. (If that's what you're doing)
Now that I re-read the @Zonkd post, the scans with all of the open ports could indeed be LAN rather than WAN. ;)

I don't know but I suspect that a LAN port scan would never be seen by Skynet rules.
 
Port scans must be run from outside your network. Anything on the LAN will not be subject to the firewall.
 
I ran all port scans from outside my network. I definitely wasn’t scanning the LAN interface @ColinTaylor
 
Try using your phone and pointing a web browser at that address (80=HTTP/443=HTTPS) and see what you get. Do the same with an FTP client (port 21).

Ports 5228,5229,5230 might be Google Cloud Messaging. Try using GRC or canyouseeme.org to probe those specific ports.
 
> Try using your phone and pointing a web browser at that address (80=HTTP/443=HTTPS) and see what you get. Do the same with an FTP client (port 21).
>
> Ports 5228,5229,5230 might be Google Cloud Messaging. Try using GRC or canyouseeme.org to probe those specific ports.

Canyouseeme says connection timed out it couldn’t see my service. I can’t connect with my phone browser or FTP client. Could it be my ISP’s bridged modem-router getting detected?
 
> Canyouseeme says connection timed out it couldn’t see my service. I can’t connect with my phone browser or FTP client. Could it be my ISP’s bridged modem-router getting detected?
Normally I would agree with that theory. But if that were true you'd also see the ports with GRC or canyouseeme. So the implication is that it's something on the mobile phone network you're connecting through.
 
> Normally I would agree with that theory. But if that were true you'd also see the ports with GRC or canyouseeme. So the implication is that it's something on the mobile phone network you're connecting through.

You must be right. I scanned through a VPN and nmap reports all ports were filtered. At least there’s no problem. I wonder why I saw open ports scanning through the mobile network.
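
Added example, not part of any post in this thread: a Python sketch of the cross-check the thread arrives at, classifying a port from one vantage point with a plain TCP connect and then reconciling results gathered from several vantage points. The function names, the verdict labels and the `SAMPLE` data are assumptions made for illustration; the sample is constructed from the results reported above.

```python
import socket

def probe(host, port, timeout=2.0):
    """Classify one TCP port from this vantage point with a full connect()."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"      # handshake completed, by the target or by a proxy in the path
    except ConnectionRefusedError:
        return "closed"    # RST received: what GRC calls "Closed"
    except OSError:
        return "filtered"  # no reply (GRC "Stealth") or ICMP error; nmap says "filtered"
    finally:
        s.close()

def reconcile(results):
    """results: {vantage: {port: state}} -> {port: (verdict, vantages_seeing_open)}."""
    verdicts = {}
    for port in sorted({p for r in results.values() for p in r}):
        seen = {v: r[port] for v, r in results.items() if port in r}
        opens = sorted(v for v, s in seen.items() if s == "open")
        if not opens:
            verdict = "consistent-not-open"
        elif len(opens) == len(seen):
            verdict = "consistent-open"   # check port forwards and router services
        else:
            verdict = "path-dependent"    # suspect the network path of those vantages
        verdicts[port] = (verdict, opens)
    return verdicts

# Constructed sample modelled on the results reported in the thread.
PORTS = [21, 80, 443, 5222, 5223, 5228, 5229, 5230]
SAMPLE = {
    "nmap_mobile": {p: "open" for p in PORTS},
    "grc": {21: "filtered", 80: "filtered", 443: "filtered"},
    "nmap_vpn": {p: "filtered" for p in PORTS},
}

if __name__ == "__main__":
    for port, (verdict, opens) in reconcile(SAMPLE).items():
        print(port, verdict, opens)
```

To fill in real data, run `probe()` against your own WAN address from each outside vantage point and pass the collected states to `reconcile()`; a port that is "open" from only one path points at that path rather than at the router.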
 