If my DSL modem leaves a port open, how vulnerable is my router?

2

Port scans of my old Netgear router showed that port 4567 was open. I assumed my router was to blame. Now port scans of my new Linksys router show the same open port, which makes me think my DSL modem is the culprit.

Can a DSL modem leave a port open? And if so, am I (reasonably) safe if my router disallows remote administration, disallows port forwarding, and isn't vulnerable to known UPnP exploits?

Andy Giesler

Posted 2014-10-10T13:57:00.460

Reputation: 1 051

1

If the modem had the port open, then it's highly unlikely that in a default configuration traffic received on that port will be seen by your router, since the modem would need to be configured to forward the port to the router. You can determine whether your router is seeing the traffic by: 1) determining your public IP address with www.whatismyip.com, 2) disconnecting your router from your modem, 3) from a friend's Internet connection, doing a port scan against your public IP address. If the port is still open, it's open on your modem, but not necessarily in your router.

– I say Reinstate Monica – 2014-10-10T16:49:24.393

@Twisty Great suggestion for figuring out whether it's the modem. I'll try that. – Andy Giesler – 2014-10-10T19:30:14.467

Answers

2

It depends on the port number; depending on the channel you leave open, you are vulnerable to different types of exploits to your network.

Now, it's a known default setting that a router has port 4567 open for some weird reason, as it can allow malware to go through, but you can just go through the following instructions to close it.

First, check if it is under the "port forwarding rules".

So try going to your "Firewall Settings" on your router. Select "Advanced Filtering"; under "Broadband Connection", select "add" to add the filtering of TCP port 4567. You will see various menu choices. The bottom line is that you want to drop any packets coming to your modem's public IP address from any port to TCP port 4567. I did that, scanned again using the www.auditmypc.com trojan scan, and it worked. It showed no other ports open, when it initially said that TCP port 4567 was open. Hope this helps!

UPDATE

On further research, I discovered some ISPs keep it open so they can push firmware updates without tech involvement.

DarkEvE

Posted 2014-10-10T13:57:00.460

Reputation: 377

There are also suggestions that manufacturers are being required to leave port 4567 open as a monitoring point for law enforcement, etc. http://www.wilderssecurity.com/threads/cisco-backdoor-still-open.264650/

– Ian M – 2014-10-10T14:12:16.177

Well, I learned something bad today... – DarkEvE – 2014-10-10T14:13:23.073

Thanks for the instructions. I'll try to block that port. – Andy Giesler – 2014-10-10T15:02:02.270
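The check described in the comment on the question (scan your own public IP from an outside connection, with and without the router attached) and the re-scan after adding the drop rule from the answer can be scripted as below. This is an added example, not code from any poster in the thread; `classify_port` and `interpret` are hypothetical names, and the second branch of `interpret` (open only while the router is attached) is an inference that goes beyond what the comment states.

```python
import socket
import sys

OPEN, CLOSED, FILTERED = "open", "closed", "filtered"

def classify_port(host, port=4567, timeout=3.0):
    """TCP connect check, run from outside the network against your own IP.

    open     -> handshake completed, something is listening
    closed   -> connection refused, host reachable but nothing listening
    filtered -> no reply before the timeout, which is what a rule that
                drops packets to the port looks like from outside
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return OPEN
    except ConnectionRefusedError:
        return CLOSED
    except socket.gaierror:
        raise  # bad host name or address: not a scan result
    except OSError:
        # Timeouts and unreachable-host errors: no answer came back.
        return FILTERED

def interpret(router_connected, router_disconnected):
    """Combine two scans of the same public IP: one taken with the router
    attached to the modem, one with the router unplugged."""
    if router_disconnected == OPEN:
        return "modem is answering on the port itself"
    if router_connected == OPEN:
        # Assumption added here, not stated in the thread.
        return "port is answered only while the router is attached"
    if router_connected == FILTERED:
        return "no listener reachable; packets are being dropped"
    return "no listener reachable; connections are refused"

if __name__ == "__main__":
    # Usage: python portcheck.py <your-public-ip> [port]
    target = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 4567
    print(f"{target}:{port} is {classify_port(target, port)}")
```

After a working drop rule is in place, the expected result for port 4567 is `filtered` (a timeout), not `closed`.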