Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1811
Views
0
Helpful
7
Replies

Port scanning and blocking ports

b.withrow
Level 1
Level 1

‎11-10-2005 07:05 AM - edited ‎03-09-2019 01:00 PM

Question:

There is a PC behind a cable modem. The cable modem is "blocking" port 161 snmp. I know this because it defines that in teh cable modem config file from the ISP. But, when I port scan the PC from the internet, my scanner reports that port 161 is OPEN. So, is it possible that port 161 traffic is blocked but the port scanner uses some other mechanism to see that 161 is open on the PC? I'm confused.

Labels:
0 Helpful
7 Replies 7

jackko
Level 7
Level 7

‎11-10-2005 04:33 PM

just couple quick thoughts.

cable modem is blocking udp 161. it might only means blocking itself, i.e. no one call poll snmp data from the cable modem.

wondering how would you port scan from the internet to a pc. does it mean there is a 1-to-1 nat for the pc?

0 Helpful

b.withrow
Level 1
Level 1
In response to jackko

‎11-11-2005 07:43 AM

Thanks for the reply.

In the cable modem config file (from ISP) there is a line that says to block port 161. When trying to SNMP walk the PC behind the cable modem I could not get a response, but upon port scanning the PC I could see port 161 open. Now the cable modem file has been modified to allow 161 I can walk the MIB on the remote PC. I say PC as a generice term, I really mean wireless router. SORRY.

So, when I portscan something and the program sees port 161 as "available" on a remote system, it must see it's opne but doesn't really use port 161 to verify that. Is that a safe assumption?

0 Helpful

jackko
Level 7
Level 7
In response to b.withrow

‎11-12-2005 02:48 AM

i guess it's really depends on the port scanner being used and the scanning techniques.

try the freeware nmap, as it comes with many different scanning techniques and it may yield more accurate result.

http://www.insecure.org/nmap/man/man-port-scanning-techniques.html

0 Helpful

b.withrow
Level 1
Level 1
In response to jackko

‎11-12-2005 06:15 AM

Thanks for the link and comments.

0 Helpful

unicmd
Level 1
Level 1
In response to b.withrow

‎01-27-2006 02:15 PM

Hi,

it all depends on how the cable modems is configed.

Ifs done from a docsis file it can be done in many ways :

http://www.cisco.com/univercd/cc/td/doc/product/cable/cab_rout/cmtsfg/ufgcfile.htm

Martin

DK

0 Helpful

unicmd
Level 1
Level 1

‎01-27-2006 02:16 PM

Another link :

http://www.cisco.com/warp/public/109/docsis_config4.pdf

Martin

0 Helpful

mheusinger
Level 10
Level 10
In response to unicmd

‎01-28-2006 06:14 AM

Hello,

scanning UDP ports is tricky as there is NO response to a UDP packet, when:

A. the packet is dropped because of a firewall

B. The port is open.

Some scanners are misleading in their results (sometimes because the security solution of the scanning site will be offered to solve the problems).

Hope this helps! Please rate all posts.

Regards, Martin

0 Helpful
Customers Also Viewed These Support Documents