Ok GRC com shields up page reports every port on my ASUS router as Stealth except port 443 HTTPS,...

[G+_Golden Retriever]

Ok GRC.com shields up page reports every port on my ASUS router as Stealth except port 443 HTTPS, quote GRC "this is a very bad port to have open unless you are actively doing web Commerce"

 

At first I was looking at my router and trying to figure out how to stealth this port, then it occurred to me that a Web browser tab could be active on one of my 3 cell phones or 2 laptops my smart TV or even this tablet I am composing this message on.

 

So I want to test this, I can turn off every device but one " I have to have at least one device open in order to run the test" but I don't know if simply shutting the device off will allow the router to close the port or if I need to reboot the router each time before running the test, any suggestions or if you think I'm barking up the wrong tree please say that as well with any suggestions you may have as to why I have this port open.

 

http://GRC.com

[G+_todd zimmerman]

Just wondering: is 443 open for remote management via WAN connection? If that's the case, just turn off WAN Admin.

 

Otherwise, 443 might be open for ASUS's AICloud "feature". You might be able to turn off AICloud, but I'm not sure (I don't use this " feature")

[G+_William L. DeRieux IV]

Tod Sage Also per Steve Gibson....turn off UPNP (as this could do it, too).

[G+_Golden Retriever]

todd zimmerman AIcloud was the culprit thanks Todd

[G+_Golden Retriever]

William L. DeRieux IV did that a long time ago

[G+_David Peach]

And just to clarify, yes, you were barking up the wrong tree from my understanding of your original question. The port was not open because one of your devices inside the network was connected to something outside. It was open because the router was allowing connections from the outside to connect to a service the router was providing.

 

It could also happen (though not the case this time) if your router was allowing connections to a server or service on a computer inside your network.

[G+_William L. DeRieux IV]

David Peach It's called port forwarding (which upnp can used by a device to set it up without user intervention) -- and this was not the case, the router had opened the port for itself and not a local device.

[G+_Ben Tyger]

I think there may be a port mixup. 443 is HTTPS. There are lots of legitimate reasons to have this open if you are running any type of webserver. The really dangerous port Steve was talking about in recent SN shows was port 445 (SMB).

[G+_William L. DeRieux IV]

Ben Tyger In addition to tcp 445 (SMB) these ports should also not be open and are related to it.

 

NetBios services:

NETBIOS Name Service (TCP/UDP: 137)

NETBIOS Datagram Service (TCP/UDP: 138)

NETBIOS Session Service (TCP/UDP: 139)

 

What is truly worry some about 445 & 137-139 is they accept udp connections which means the connection can be spoofed.

[G+_Ben Tyger]

Most US ISPs block 445 & 137-139 from the outside coming on most consumer grade networks.

[G+_William L. DeRieux IV]

Ben Tyger I'd say that's probably true.......but it can't be relied upon.

 

And it also bad practice to push the security of the network on to outside forces -- just to claim I don't have to worry about it because someone else is handling it.

 

It's bad because you have no control or say so in what is done -- the company could decide to open everything up (because it costs, too, much or they just don't want to bother with it anymore) and now you are completely open to attack.

[G+_Ben Tyger]

William L. DeRieux IV Oh I agree. I bet if the ISPs didn't do that, the US's numbers would have been horrible.