Port 53 open by default on SH2?
I just ran a quick port scan on GRC/ShieldsUp after shutting down my IPFire machine and switching on routing for the SH2 again for a test. With the firewall off on the SH2 the scan showed all ports as closed except 53 (DNS) which was open. Since I don't run any DNS servers I was wondering about this, and after double checking nothing was running on 53 on my local machines (eg VPN) I turned on the SH2 firewall to 'Low'. Now the following appears:
https://www.cableforum.co.uk/images/local/2014/02/9.png

What gives? Is port 53 open by default on the SH2 or have I missed something else locally? Since even without the firewall enabled the SH2 has NAT, and UPnP is disabled, I can't see how the port could be forwarding from a local machine and it turns to stealth once the SH2 firewall is enabled. So I'm guessing it has to be the SH2 broadcasting on 53? I use Google DNS set individually per NIC btw. Thanks in advance for any ideas. :)
Re: Port 53 open by default on SH2?
Mine is also open, most other ports are stealth as they should be though. Not sure why I have several showing as closed, I need to look into this.
Re: Port 53 open by default on SH2?
Quote:
As for the whole stealth v closed thing though, it's not really as big a deal as is made out at times. Or at least if you listen to Kaspersky et al. who stopped their firewall 'stealthing' ports in 2009. They argue (and I would agree) that a 'stealthed' system is the opposite of invisible. If you ping/telnet/whatever a node on the internet standard network protocol dictates you get a 'pong'/reply, or else a 'host unreachable' if it doesn't exist. With a 'stealth' machine the ping is simply dropped silently; automatically, therefore, confirming that there is a machine but that it's refusing to answer either way. Some info. Some more. Better to have all unneeded ports closed properly and secured with a good hardened firewall (ideally a decent hardware appliance like IPFire, pfSense, etc but at least be behind NAT and have a reputable software firewall on top). I digress. :p:
Re: Port 53 open by default on SH2?
A networking expert friend of mine reliably informs me that "stealth" breaks the internet, as the RFC says the port should reply as open or closed. A minor point I guess.
RainmakerRaw is absolutely correct that a stealthed port is more noticeable than a closed one, for the very fact that it indicates there IS a machine there, in order to silently drop the packet, rather than just reply unreachable. Stealth is NOT better, despite what GRC says. Personal opinion: The majority of the information pushed out by ShieldsUp et al. is truths or partial truths misrepresented in such a way as to sensationalize things that aren't really an issue at all, in such a way as to bring people to his website, thus increasing his ad-revenue.
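The thread turns on two things a ShieldsUP result folds together: whether TCP port 53 on the gateway actually accepts a connection, and the difference between "closed" (the host answers with a RST) and "stealth" (the SYN is dropped and nothing comes back). The script below is an added example, not something posted in this thread or shipped with the SH2; it classifies a TCP port from the three outcomes a plain connect attempt can produce, and includes a constructed loopback demo so the behaviour can be seen without touching anything on the internet. Run it from a machine outside your LAN against your public address to reproduce the check the original poster did by hand. Host and port names are my own choices.

```python
import errno
import socket
from contextlib import closing

# Added example (not from the Cable Forum thread): classify how a TCP port
# answers a connection attempt, using the same three states ShieldsUP reports.
#   open     -> TCP handshake completes (something is listening)
#   closed   -> host answers with RST (connection refused)
#   filtered -> nothing comes back within the timeout ("stealth": SYN dropped)


def classify_tcp_port(host: str, port: int, timeout: float = 2.0) -> str:
    """Return 'open', 'closed' or 'filtered' for host:port over TCP."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except ConnectionRefusedError:
            # Peer sent RST: a host exists and explicitly declines. This is the
            # "closed" state the thread argues is preferable to "stealth".
            return "closed"
        except socket.timeout:
            # SYN silently dropped. From outside the LAN a non-existent host
            # looks identical, because ISPs rarely forward ICMP unreachables.
            return "filtered"
        except OSError as e:
            # Local "no route / host unreachable": only seen close to the
            # source, so treat it like a drop rather than raising.
            if e.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
                return "filtered"
            raise


def demo_local_states() -> tuple:
    """Constructed demo on 127.0.0.1: open a listener on an OS-chosen port,
    classify it (open), close it, classify again (closed). No packets leave
    the machine, so this is safe to run anywhere."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # port 0 = let the kernel pick a free one
    listener.listen(1)
    port = listener.getsockname()[1]
    while_listening = classify_tcp_port("127.0.0.1", port)
    listener.close()
    after_close = classify_tcp_port("127.0.0.1", port)
    return while_listening, after_close


if __name__ == "__main__":
    import sys

    # Hypothetical defaults; pass your gateway's public IP from an outside host.
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 53
    print(f"{host}:{port}/tcp -> {classify_tcp_port(host, port)}")
    print("loopback demo (expect open, then closed):", demo_local_states())
```

Two caveats worth keeping in mind when reading the result. DNS is mostly UDP, and a plain UDP probe cannot tell "open" from "filtered" without sending a real query and waiting for a reply, so a TCP result on port 53 says only whether the router's DNS forwarder listens on TCP from the WAN side. And a "filtered" verdict from outside the LAN is exactly the ambiguity raised later in the thread: it looks the same whether a firewall dropped the packet or no host exists at that address.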
Re: Port 53 open by default on SH2?
Quote:
Virtually all major providers do not propagate "Host unreachable" messages outside the local network. Hence, in almost all cases where the source is outside the LAN, both non-existent and "stealth" machines respond in exactly the same way, both dropping silently and not giving a host unreachable response.

Post added at 01:46 (previous post was at 01:42)

Quote:
That said I've repeatedly pointed out to some chagrin from others that adding various sites you don't want to access to your hosts file under "127.0.0.1" also "breaks" the internet, technically, but nobody seems to care.
Re: Port 53 open by default on SH2?
Liberal usage of the term "break" there, I think. It's not broken, it's just doing something different to what the spec says. If it was broken it wouldn't work at all.
Out of curiosity, does IPv6 have any impact at all on how ports are used/opened/forwarded/etc.?
All Posts and Content are © Cable Forum