Are you certain there’s a router between the modem and the computer? Switching the OS on the computer should not change the results of an external scan.
One scenario where this might happen would be if you are running a webserver and upnp is enabled on the router and the desktop is sending upnp requests to open port 443 on the firewall. If the latter scenario is the case disabling upnp on the router should resolve the issue you’re describing.
For their context “stealthed” is “ignored/dropped”
I take it means dropped, but that’s “stealth” in marketing speak. But either way, as far as I understood the intention, the need may be (for some reason not yet explained) to do this to the desktop pc. If this was about shutting down router remote connection (from internet side), the yes, that too is important to do, but it’s not the same as killing 443 on router. 443 is the default to use with HTTPS in normal internet browsing. And local connection to management is via https/https often to that from the local net side. Remote (depending on how that is defined, ssh or … telnet (probably not anymore though)) is usually 21 or 22.
Hi guys, thanks for the replies.
I have upnp disabled on the router, nothing is connected to the routers USB. No web management is running because that’s bad! I’m MCDST and still fix computers occasionally so I know my way around. Although I’m not a network expert I know the basics.
On my android the same scan returns a passed result but if I turn one of my vpns on it returns a failed because of such ports as 443 being left open.
If windows is returning a pass and all I do is restart into pureos and I get different results is 443 is open then that is the issue, pureos. Or am I wrong somehow?
Plot thickens, doesn’t clear. I can’t say much to the Windows side and the vpns are an additional thing (depending how they are set up and how they behave, I wouldn’t count them out as affecting this either).
First, let’s see if we have the whole thing right here. Your setup is such that you have…
a router that is directly connected to the net (ADSL, cable or similar) and no additional modem or such in front of that
you only have one desktop computer connected to the router via ethernet cable
you also have a wifi network on the router that you use with your phone (expecting that it’s the same network that the desktop is and not separated somehow)
Then the assumptions, the scan:
What do you use as a scanner? (phone app, w program, linux command, website?)
Where did it scan from? From outside the network or inside?
Can you provide the data (copypaste or screengrab image or both)? Remember to check for personal details and edit those.
Is this annoying 443 seen only on linux side but is it in normal use or only when vpn is active or both? Is there difference? You may need to sketch a matrix to paper to make sure you’ve checked every scenario combination to be sure.
This is because I’m still not definite where your seeing the open 443 and if this is normal behavior that should be as is. If the problem is with desktop, keeping that phone to see everything, from a separate perspective if you will, is good, as it doesn’t change while you test the other combinations.
There is a short cut also. If this is something only when in your desktop’s linux, and you think it’s the culprit, use gufw to drop (deny, make “stealth”) anything to 443 and see what happens. Install it if you don’t have it yet. If this is on the router, the same should be easy enough to do in the management tools. Should be easy enough to do and undo.
Rather than following the suggestion in that guide, I would recommend a) first preference option, disable SSL VPN if you don’t need it, or b) second option, move the SSL VPN to a higher-numbered (>1024) random port if you do need it.
Ok, this clears up several things. We are talking about the router specifically and what that shows to outside. That link should have plenty of info for now.
Ay, an open HW router would be nice, but already there is the option of Openfirmware towards a better alternative at home.
The two related models listed there look to be, on the one hand, quite limited for my purposes but, on the other hand, include WiFi, which I don’t want on a router (although I recognise that many people will).
My router is too mature to run openwrt. Update: might have got that wrong.
Anyway, router is definitely due for an upgrade so if I had a “pure” option …
Well, since apparently your problem seems to be with the router and its firewall settings, instead of PureOS, and none here seems to use that device, you’ll get better help from the manufacturer’s site or from the device manual (for “older firmware” - remember to update that too, while you’re at it), I would guess.
Displays all the open ports on the machine and the process that use them.
Flags are:
-t show tcp
-u show udp
-n no dns resolve
-a show all ports both listening and non-listening (edit: use -l only for listening instead)
-p show the process that opened the port (requires sudo/root access)
OK, please confirm whether your ISP supports only IPv4 or is dual stack (IPv4 and IPv6).
Then same question for the router itself.
Maybe grc doesn’t even support IPv6, I don’t know, but it’s one thing to check off.
Perhaps your router has other ideas.
The point is: As the scan from my computer shows, ports 139 and 445 are open on the router despite my preference. There is no attached storage. I most definitely don’t want to offer any Windows shares to the internet but my router has other ideas.
So were you to move the router’s VPN from port 443 to, say, port 45164 and were that to cause grc to show that port 443 is no longer open then that is evidence that the problem is on the router.
OR, how about, I close the port on my pc under pureos and then run the scan, if it still says port 443 is open then i should start looking deeper into things. What is the difficulty in helping do this one thing? Hasnt anybody showed you the 1st rule of problem solving is to try the simplest thing first?
If you turn on your VPN connection then you are scanning your VPN provider’s IP address not yours. (I didn’t saw an option on GRC to enter an IP to scan; it is autodetected, so it will autodetect the VPN server’s IP. And most likely they have a web server on 443 (https) or the vpn server ).