11-10-2005 07:05 AM - edited 03-09-2019 01:00 PM
Question:
There is a PC behind a cable modem. The cable modem is "blocking" port 161 snmp. I know this because it defines that in teh cable modem config file from the ISP. But, when I port scan the PC from the internet, my scanner reports that port 161 is OPEN. So, is it possible that port 161 traffic is blocked but the port scanner uses some other mechanism to see that 161 is open on the PC? I'm confused.
11-10-2005 04:33 PM
just couple quick thoughts.
cable modem is blocking udp 161. it might only means blocking itself, i.e. no one call poll snmp data from the cable modem.
wondering how would you port scan from the internet to a pc. does it mean there is a 1-to-1 nat for the pc?
11-11-2005 07:43 AM
Thanks for the reply.
In the cable modem config file (from ISP) there is a line that says to block port 161. When trying to SNMP walk the PC behind the cable modem I could not get a response, but upon port scanning the PC I could see port 161 open. Now the cable modem file has been modified to allow 161 I can walk the MIB on the remote PC. I say PC as a generice term, I really mean wireless router. SORRY.
So, when I portscan something and the program sees port 161 as "available" on a remote system, it must see it's opne but doesn't really use port 161 to verify that. Is that a safe assumption?
11-12-2005 02:48 AM
i guess it's really depends on the port scanner being used and the scanning techniques.
try the freeware nmap, as it comes with many different scanning techniques and it may yield more accurate result.
http://www.insecure.org/nmap/man/man-port-scanning-techniques.html
11-12-2005 06:15 AM
Thanks for the link and comments.
01-27-2006 02:15 PM
Hi,
it all depends on how the cable modems is configed.
Ifs done from a docsis file it can be done in many ways :
http://www.cisco.com/univercd/cc/td/doc/product/cable/cab_rout/cmtsfg/ufgcfile.htm
Martin
DK
01-27-2006 02:16 PM
01-28-2006 06:14 AM
Hello,
scanning UDP ports is tricky as there is NO response to a UDP packet, when:
A. the packet is dropped because of a firewall
B. The port is open.
Some scanners are misleading in their results (sometimes because the security solution of the scanning site will be offered to solve the problems).
Hope this helps! Please rate all posts.
Regards, Martin
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide