cancel
Showing results for 
Search instead for 
Did you mean: 

Port Blocking - Which ports are blocked on our network

jnwright
Grafter
Posts: 281
Thanks: 1
Registered: 05-04-2007

Port Blocking - Which ports are blocked on our network

Following the introduction of Plusnet's Broadband Firewall offering I spent a little time looking at the firewall logs for my router for a period of 24 hours up to midday today. As expected, I found that most probes are from outside the UK.
The total number of probes was 785 excluding pings aimed at my router.
Only 6.25% of these were probes to ports lower than 1024.

In the Plusnet Help Page "Port Blocking - Which ports are blocked on our network" to be found at
http://portal.plus.net/support/customer_service/using/port_blocking.shtml
it is stated that ports 135, 445 & 1434 are blocked across the Plusnet network.
I'm on Premier option 1 currently connected to the pte-ag2 gateway and believe I should see no activity on these ports.

Amongst the probes to my router there was 1 Plusnet customer who probed port 445 twice.
The same customer probed port 135 once.
Port 135 was probed by another Plusnet customer once and another Plusnet customer probed it 5 times.
Also port 135 was probed by a force9 customer.

This leads me to think that ports 135 and 445 may be blocked to the outside world, but are definitely open within the Plusnet network as all activity on these router ports was from within.

So, is this something that is broken and needs fixing on Plusnet's network?

I have the dates, times and IP addresses logged if they are of any use to Plusnet in rectifying the problem.
8 REPLIES
Community Veteran
Posts: 4,729
Registered: 04-04-2007

Port Blocking - Which ports are blocked on our network

It's my understanding that that is correct.

Ports 135, 445 & 1434 are blocked at the perimeter of PlusNet's network, but not between customers.

Chilly
jnwright
Grafter
Posts: 281
Thanks: 1
Registered: 05-04-2007

Port Blocking - Which ports are blocked on our network

Thanks for that information Chilly.

If that's correct it means that the statement "The following ports are blocked across our network: etc" isn't entirely correct and should be reworded in the form "The following ports are blocked at the perimeter of our network: etc".

Since computers are already compromised within the Plusnet network, there is already a problem within the network and blocking the outside world on these ports only lengthens the survival period of a computer which hasn't had software updates applied and is not protected by a firewall. So nothing for Plusnet to be to be proud of!
Zathras
Grafter
Posts: 295
Registered: 01-08-2007

Re: Port Blocking - Which ports are blocked on our network

Quote

Amongst the probes to my router there was 1 Plusnet customer who probed port 445 twice.
The same customer probed port 135 once.
Port 135 was probed by another Plusnet customer once and another Plusnet customer probed it 5 times.
Also port 135 was probed by a force9 customer.

Lol Ive 1 PN customer who scans me every 44minutes hes online for the last 3-4 months.
Liam
Grafter
Posts: 2,083
Registered: 04-04-2007

Port Blocking - Which ports are blocked on our network

I've got a note in my pad to look into these pages on Monday and speak to our Online Support Team to get them amended / improved.

Will let you know the outcome.
jnwright
Grafter
Posts: 281
Thanks: 1
Registered: 05-04-2007

Port Blocking - Which ports are blocked on our network

Thanks Liam. That will eliminate any misunderstanding of where Plusnet blocks these ports.

If the pages are rewritten it might be worthwhile stating the obvious - The Plusnet blocking does not cut down the necessity to use up to date antivirus software and a good firewall especially on laptops, which may be used on other networks and may unknowingly infect other computers in the home environment when brought back into the home network, only protected to attack from the outside world by a router firewall.

I think the Plusnet firewall is a good idea and can see the advantages to both Plusnet and the end users. It is not a replacement for anything, but a beneficial addition. Good security still has to be employed within the home network environment.
oliverb
Grafter
Posts: 606
Registered: 02-08-2007

Port Blocking - Which ports are blocked on our network

I'd like to add one detail:

When you see blocked port activity from an IP address it can't be guaranteed that it came from that address.

By that I mean that:

A PC can generate packets with spoofed return addresses.

An ISP's routers will usually pass on a packet with spoofed return address, though it can be filtered here it usually isn't.

The target computer will log the spoofed address. Since it rejected the packet there will be no TCP handshake so the spoof will not be detected.
chrisjon
Dabbler
Posts: 17
Registered: 09-08-2007

Port Blocking - Which ports are blocked on our network

hi

try this site if you want to see how secure you are
www.grc.com
you can check all ports
regards
oliverb
Grafter
Posts: 606
Registered: 02-08-2007

Port Blocking - Which ports are blocked on our network

Quote
you can check all ports

Not all ports, it only detects TCP ports, not UDP or other protocols. Also it usually only tests the box connected to the internet so if you have a router it tests the router not your PC.