NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

Marynofear's avatar
Marynofear
Aspirant
Aug 02, 2022
Solved

R7000 V1.0.11.136_10.2.120 port 520 is visible and closed (not stealth)

Doing a port scan on  the R7000 with the latest 2 version of the firmware shows that port 520 is closed but not stealth. Port 520 is "efs" extended file name server. This might be the internal USB R...
Firmware
Security
  • FURRYe38's avatar
    FURRYe38
    Aug 02, 2022

    I was curious about this as well so I put my R7000 online with CM1200 modem.

    I had v.134 loaded then also loaded v.136 and factory reset the router and setup from scratch. 

    Both report port 520 is Stealth'd:

    ----------------------------------------------------------------------

    GRC Port Authority Report created on UTC: 2022-08-02 at 22:00:12

    Results from scan of ports: 0-1055

    0 Ports Open
    0 Ports Closed
    1056 Ports Stealth
    ---------------------
    1056 Ports Tested

    ALL PORTS tested were found to be: STEALTH.

    TruStealth: PASSED - ALL tested ports were STEALTH,
    - NO unsolicited packets were received,
    - NO Ping reply (ICMP Echo) was received.

    ----------------------------------------------------------------------

     

    Tested both on a wired WIndows 10x PC and a Mac Book Pro 2018

    uPnP test also passing as well. 

     

microchip8's avatar
microchip8
Master
Aug 02, 2022
How are you doing these port checks? If using an online service, there's something needs to listen on that port for it to report it as open
  • Marynofear's avatar
    Marynofear
    Aspirant
    Aug 02, 2022

    I'm using Gibson Research Corporation ShieldsUP  GRC | ShieldsUP! — Internet Vulnerability Profiling

    A reliable utility I have been using for years, doing vulnerability checks on different sites.
    Port 520 used to be stealth. But with the two latest firmware upgrades it has been visible. But closed.
    I definitely want it to be stealth. No reason to leave a visit card. Yelling 'hello' there is something behind this address.

     

    • FURRYe38's avatar
      FURRYe38
      Guru - Experienced User
      Aug 02, 2022

      When you testing this site, are you testing with only a wired PC connected to the router while ALL other devices are disconnected from the router before testing? Ensure ALL background running apps are also disabled before testing? 

      What is the Mfr and model# of the Internet Service Providers modem/ONT the NG router is connected too?

       

      Do you have any Ready Share features enabled on the router? 

      "It turned out to be some obscure Mac file system developed back in the 80's."

      Plausible that NG could have used this with there ReadyShare features. Don't know for sure.

      RIP is on same port on the UDP side. Might check and disable RIP and test to see if this changes anything.

      • Marynofear's avatar
        Marynofear
        Aspirant
        Aug 02, 2022

        Test on wired PC everything else disconnected.
        Router setting everything disabled no RIP, no port forward, no Readyshare, no USB, no uPnP, No dynamic IP, no VPN, setup as router, no Static routes, no IPv6, no Bridge.
        Total basic striped down.
        After I found the port was not stealth, I tried most settings. I even was resetting the router.  Still not stealth.