Skynet does not fully enforce stealth mode on WAN (ports 80 & 443 show as CLOSED)

BeachGuy

Senior Member
I’m running an ASUS GT-AX6000 with the latest MerlinWRT, and have Skynet, Diversion, and Unbound installed.

I ran a GRC ShieldsUP! scan on ports 0–1055 and noticed the following:

0 Ports Open
2 Ports Closed (80, 443)
1054 Ports Stealth
TruStealth: FAILED (because not all ports are stealth)

Full report:
  • All ports except 80 and 443 are stealth.
  • No unsolicited packets.
  • No ping reply (ICMP blocked).

This means the router is replying with TCP RST (closed) on ports 80 and 443 to WAN scans, instead of dropping silently. Remote web GUI is disabled for WAN (I only access the UI from LAN on HTTPS port 8443).



Question:
Should Skynet enforce DROP (stealth) on WAN for all unused ports (including 80 and 443) when remote access is off? Or is this behavior coming from the stock ASUS firewall?


Would it make sense to add an option in Skynet to ensure full TruStealth mode by default?


Thanks!
 
GRC ShieldsUp would not be considered a malware site or IP for Skynet to block. I would expect your ISP is blocking those 2 ports before they reach your router.
 
Tcpdump capture while running ShieldsUP:

tcpdump -i eth0 port 80 or port 443
...
# only outgoing connections captured, examples:
16:07:08.423191 IP www.grc.com.https > MY_ROUTER: Flags [S.] ...
16:07:08.423763 IP MY_ROUTER > www.grc.com.https: Flags [.]
# no incoming SYN packets from GRC IPs on port 80/443

Interpretation:
  • No incoming ShieldsUP SYNs captured → packets never reach the router.
  • Outgoing connections are normal HTTPS traffic.
  • Suggests ISP is filtering ports 80/443 upstream.
Request:
Can Skynet/Diversion confirm that no internal rules would block ShieldsUP?
Or is this fully due to ISP-level filtering?

Thanks for any guidance.
 
For comparison, I ran this capture and saw plenty of 80 and 443 attempts to my public IP. My ISP doesn't block it, so it came up Stealth.
Code:
tcpdump -nvpi eth0 src net 4.79.142.192/28 and \( dst port 80 or dst port 443 \)
Can Skynet/Diversion confirm that no internal rules would block ShieldsUP?
What do you mean?
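
Added example (not part of any post in this thread): a Python sketch that reads `tcpdump -n` text captured on the WAN interface and separates the three cases discussed above for ports 80 and 443: probe answered with RST (closed), probe dropped (stealth), or probe never seen on the interface. `WAN_IP` and the sample capture are constructed; the prober range is the one in the tcpdump filter quoted above.

```python
import ipaddress
import re

# Assumptions for this example: the prober range is the one used in the thread's
# tcpdump filter; WAN_IP is a constructed documentation address.
PROBER_NET = ipaddress.ip_network("4.79.142.192/28")
WAN_IP = "203.0.113.7"

# Matches "src.port > dst.port: Flags [..]" in `tcpdump -n` text (also the -v continuation line).
PKT = re.compile(r"(\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): Flags \[([^\]]+)\]")

def classify(capture_text, ports=(80, 443)):
    """Return {port: verdict} from tcpdump text captured on the WAN interface."""
    seen = {p: {"syn_in": 0, "rst_out": 0, "synack_out": 0} for p in ports}
    for m in PKT.finditer(capture_text):
        src, sport = m.group(1), int(m.group(2))
        dst, dport, flags = m.group(3), int(m.group(4)), m.group(5)
        if ipaddress.ip_address(src) in PROBER_NET and dst == WAN_IP and dport in seen:
            if flags == "S":  # bare SYN: an inbound probe reached this interface
                seen[dport]["syn_in"] += 1
        elif src == WAN_IP and ipaddress.ip_address(dst) in PROBER_NET and sport in seen:
            if "R" in flags:  # RST or RST-ACK sent back to the prober
                seen[sport]["rst_out"] += 1
            elif flags == "S.":  # SYN-ACK: something is listening
                seen[sport]["synack_out"] += 1
    verdicts = {}
    for port, c in seen.items():
        if c["syn_in"] == 0:
            verdicts[port] = "no probe seen on this interface"
        elif c["synack_out"]:
            verdicts[port] = "open (SYN-ACK sent)"
        elif c["rst_out"]:
            verdicts[port] = "closed (router sent RST)"
        else:
            verdicts[port] = "stealth (probe dropped silently)"
    return verdicts

# Constructed sample capture: port 80 probed and reset, port 443 probed and dropped.
SAMPLE = """\
16:07:08.100000 IP 4.79.142.200.51000 > 203.0.113.7.80: Flags [S], seq 1, win 8192, length 0
16:07:08.100200 IP 203.0.113.7.80 > 4.79.142.200.51000: Flags [R.], seq 0, ack 2, win 0, length 0
16:07:08.300000 IP 4.79.142.200.51001 > 203.0.113.7.443: Flags [S], seq 5, win 8192, length 0
16:07:09.300000 IP 4.79.142.200.51001 > 203.0.113.7.443: Flags [S], seq 5, win 8192, length 0
16:07:10.000000 IP 203.0.113.7.40000 > 4.79.142.201.443: Flags [.], ack 9, win 501, length 0
"""

if __name__ == "__main__":
    for port, verdict in classify(SAMPLE).items():
        print(port, verdict)
```

A "no probe seen" verdict only says the SYNs did not appear on the captured interface; the capture must use `-n` so addresses are numeric, and must run on the actual WAN interface.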
 
