NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

Marynofear's avatar
Marynofear
Aspirant
Aug 02, 2022
Solved

R7000 V1.0.11.136_10.2.120 port 520 is visible and closed (not stealth)

Doing a port scan on  the R7000 with the latest 2 version of the firmware shows that port 520 is closed but not stealth.

Port 520 is "efs" extended file name server. This might be the internal USB Ready Share that causes this fault.
Before all Ports were stealth. 

Going through the official support on this old R7000 seem to be a city in Russia (not existing, or not possible)
Anybody know how to fix this ?

Firmware
Security
  • FURRYe38's avatar
    FURRYe38
    Aug 02, 2022

    I was curious about this as well so I put my R7000 online with CM1200 modem.

    I had v.134 loaded then also loaded v.136 and factory reset the router and setup from scratch. 

    Both report port 520 is Stealth'd:

    ----------------------------------------------------------------------

    GRC Port Authority Report created on UTC: 2022-08-02 at 22:00:12

    Results from scan of ports: 0-1055

    0 Ports Open
    0 Ports Closed
    1056 Ports Stealth
    ---------------------
    1056 Ports Tested

    ALL PORTS tested were found to be: STEALTH.

    TruStealth: PASSED - ALL tested ports were STEALTH,
    - NO unsolicited packets were received,
    - NO Ping reply (ICMP Echo) was received.

    ----------------------------------------------------------------------

     

    Tested both on a wired WIndows 10x PC and a Mac Book Pro 2018

    uPnP test also passing as well. 

     

10 Replies

  • microchip8's avatar
    microchip8
    Master
    Aug 02, 2022
    How are you doing these port checks? If using an online service, there's something needs to listen on that port for it to report it as open
    • Marynofear's avatar
      Marynofear
      Aspirant
      Aug 02, 2022

      I'm using Gibson Research Corporation ShieldsUP  GRC | ShieldsUP! — Internet Vulnerability Profiling

      A reliable utility I have been using for years, doing vulnerability checks on different sites.
      Port 520 used to be stealth. But with the two latest firmware upgrades it has been visible. But closed.
      I definitely want it to be stealth. No reason to leave a visit card. Yelling 'hello' there is something behind this address.

       

      • FURRYe38's avatar
        FURRYe38
        Guru
        Aug 02, 2022

        When you testing this site, are you testing with only a wired PC connected to the router while ALL other devices are disconnected from the router before testing? Ensure ALL background running apps are also disabled before testing? 

        What is the Mfr and model# of the Internet Service Providers modem/ONT the NG router is connected too?

         

        Do you have any Ready Share features enabled on the router? 

        "It turned out to be some obscure Mac file system developed back in the 80's."

        Plausible that NG could have used this with there ReadyShare features. Don't know for sure.

        RIP is on same port on the UDP side. Might check and disable RIP and test to see if this changes anything.