Reply

R7000 V1.0.11.136_10.2.120 port 520 is visible and closed (not stealth)

Marynofear
Aspirant

R7000 V1.0.11.136_10.2.120 port 520 is visible and closed (not stealth)

Doing a port scan on  the R7000 with the latest 2 version of the firmware shows that port 520 is closed but not stealth.

Port 520 is "efs" extended file name server. This might be the internal USB Ready Share that causes this fault.
Before all Ports were stealth. 

Going through the official support on this old R7000 seem to be a city in Russia (not existing, or not possible)
Anybody know how to fix this ?

Message 1 of 11

Accepted Solutions
FURRYe38
Guru

Re: R7000 V1.0.11.136_10.2.120 port 520 is visible and closed (not stealth)

I was curious about this as well so I put my R7000 online with CM1200 modem.

I had v.134 loaded then also loaded v.136 and factory reset the router and setup from scratch. 

Both report port 520 is Stealth'd:

SheildsUpResultsAllPassing.png

----------------------------------------------------------------------

GRC Port Authority Report created on UTC: 2022-08-02 at 22:00:12

Results from scan of ports: 0-1055

0 Ports Open
0 Ports Closed
1056 Ports Stealth
---------------------
1056 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: PASSED - ALL tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.

----------------------------------------------------------------------

 

Tested both on a wired WIndows 10x PC and a Mac Book Pro 2018

uPnP test also passing as well. 

 

My Setup ISP SparkLight | Internet Cable 1000↓/50↑ CAX80 Modem Mode |  Wifi Router MK83+ (Router Mode) | and RBK853 (Router Mode) | Switches NG GS105/8, GS308v3, GS110MX and XS505M | Additional NG HW: C7800/CAX80/CM1100/CM1200/CM2000, Orbi: CBK40, CBK752, RBK50, RBK853, RBK752, RBK953, SXK30 | NightHawk: MK63, MR6150, R7000, R7800, R7960P, R8000, R8500, R9000, RAXE500, RAX50, XR450, XR1000, EX7500/EX7700

View solution in original post

Message 8 of 11

All Replies
microchip8
Master

Re: R7000 V1.0.11.136_10.2.120 port 520 is visible and closed (not stealth)

How are you doing these port checks? If using an online service, there's something needs to listen on that port for it to report it as open
Routing: NETGEAR RAX43 - Firmware: v1.0.12.120 (1 Gbps down, 40 Mbps up)
Switching: 2x NETGEAR 8-ports (GS108v4) / 1x NETGEAR 16-ports (JGS516v2)
Desktop: AMD Ryzen 7 3700X - Server: Intel Core i7-7700K - NAS: Intel Pentium G4400, 20 TB
Message 2 of 11
Marynofear
Aspirant

Re: R7000 V1.0.11.136_10.2.120 port 520 is visible and closed (not stealth)

I'm using Gibson Research Corporation ShieldsUP  GRC | ShieldsUP! — Internet Vulnerability Profiling

A reliable utility I have been using for years, doing vulnerability checks on different sites.
Port 520 used to be stealth. But with the two latest firmware upgrades it has been visible. But closed.
I definitely want it to be stealth. No reason to leave a visit card. Yelling 'hello' there is something behind this address.

 

Message 3 of 11
FURRYe38
Guru

Re: R7000 V1.0.11.136_10.2.120 port 520 is visible and closed (not stealth)

When you testing this site, are you testing with only a wired PC connected to the router while ALL other devices are disconnected from the router before testing? Ensure ALL background running apps are also disabled before testing? 

What is the Mfr and model# of the Internet Service Providers modem/ONT the NG router is connected too?

 

Do you have any Ready Share features enabled on the router? 

"It turned out to be some obscure Mac file system developed back in the 80's."

Plausible that NG could have used this with there ReadyShare features. Don't know for sure.

RIP is on same port on the UDP side. Might check and disable RIP and test to see if this changes anything.

My Setup ISP SparkLight | Internet Cable 1000↓/50↑ CAX80 Modem Mode |  Wifi Router MK83+ (Router Mode) | and RBK853 (Router Mode) | Switches NG GS105/8, GS308v3, GS110MX and XS505M | Additional NG HW: C7800/CAX80/CM1100/CM1200/CM2000, Orbi: CBK40, CBK752, RBK50, RBK853, RBK752, RBK953, SXK30 | NightHawk: MK63, MR6150, R7000, R7800, R7960P, R8000, R8500, R9000, RAXE500, RAX50, XR450, XR1000, EX7500/EX7700

Message 4 of 11
Marynofear
Aspirant

Re: R7000 V1.0.11.136_10.2.120 port 520 is visible and closed (not stealth)

Test on wired PC everything else disconnected.
Router setting everything disabled no RIP, no port forward, no Readyshare, no USB, no uPnP, No dynamic IP, no VPN, setup as router, no Static routes, no IPv6, no Bridge.
Total basic striped down.
After I found the port was not stealth, I tried most settings. I even was resetting the router.  Still not stealth.

Message 5 of 11
FURRYe38
Guru

Re: R7000 V1.0.11.136_10.2.120 port 520 is visible and closed (not stealth)

Please post a screen capture of this result. 

My Setup ISP SparkLight | Internet Cable 1000↓/50↑ CAX80 Modem Mode |  Wifi Router MK83+ (Router Mode) | and RBK853 (Router Mode) | Switches NG GS105/8, GS308v3, GS110MX and XS505M | Additional NG HW: C7800/CAX80/CM1100/CM1200/CM2000, Orbi: CBK40, CBK752, RBK50, RBK853, RBK752, RBK953, SXK30 | NightHawk: MK63, MR6150, R7000, R7800, R7960P, R8000, R8500, R9000, RAXE500, RAX50, XR450, XR1000, EX7500/EX7700

Message 6 of 11
Marynofear
Aspirant

Re: R7000 V1.0.11.136_10.2.120 port 520 is visible and closed (not stealth)

Well I cant se what use a screenshot can do. But anyway, here it is.
Found I was having Rip v1 enabled. Tried to disable RIP. But doing that exposed port 68 also as closed.
And also port 520 was still visible. And as I sometimes uses a Wi-Fi extender I will leave RIP enabled.
Reenabling it, makes port 68 stealth again.
I was wandering if it is possible to find some of the old firmware versions.
Last two firmware updates has this 'BUG'. But I know for sure, that the version prior to this, was 100% stealth. 
Cant remember the version number.

Message 7 of 11
FURRYe38
Guru

Re: R7000 V1.0.11.136_10.2.120 port 520 is visible and closed (not stealth)

I was curious about this as well so I put my R7000 online with CM1200 modem.

I had v.134 loaded then also loaded v.136 and factory reset the router and setup from scratch. 

Both report port 520 is Stealth'd:

SheildsUpResultsAllPassing.png

----------------------------------------------------------------------

GRC Port Authority Report created on UTC: 2022-08-02 at 22:00:12

Results from scan of ports: 0-1055

0 Ports Open
0 Ports Closed
1056 Ports Stealth
---------------------
1056 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: PASSED - ALL tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.

----------------------------------------------------------------------

 

Tested both on a wired WIndows 10x PC and a Mac Book Pro 2018

uPnP test also passing as well. 

 

My Setup ISP SparkLight | Internet Cable 1000↓/50↑ CAX80 Modem Mode |  Wifi Router MK83+ (Router Mode) | and RBK853 (Router Mode) | Switches NG GS105/8, GS308v3, GS110MX and XS505M | Additional NG HW: C7800/CAX80/CM1100/CM1200/CM2000, Orbi: CBK40, CBK752, RBK50, RBK853, RBK752, RBK953, SXK30 | NightHawk: MK63, MR6150, R7000, R7800, R7960P, R8000, R8500, R9000, RAXE500, RAX50, XR450, XR1000, EX7500/EX7700

Message 8 of 11
Marynofear
Aspirant

Re: R7000 V1.0.11.136_10.2.120 port 520 is visible and closed (not stealth)

Will try and do a new factory reset. And then try again.
I will be back....... with an update.

Message 9 of 11
Marynofear
Aspirant

Re: R7000 V1.0.11.136_10.2.120 port 520 is visible and closed (not stealth)

Seems factory reset, and manual setup did the trick. (did not load the backup config)
Thanks @FURRYe38 

Message 10 of 11
FURRYe38
Guru

Re: R7000 V1.0.11.136_10.2.120 port 520 is visible and closed (not stealth)

Glad you got it working.  Be sure to save off a new back up configuration to file for safe keeping. Saves time if a reset is needed.
https://kb.netgear.com/24231/How-do-I-back-up-the-router-configuration-settings-on-my-Nighthawk-rout...
Enjoy. 📡

 

My Setup ISP SparkLight | Internet Cable 1000↓/50↑ CAX80 Modem Mode |  Wifi Router MK83+ (Router Mode) | and RBK853 (Router Mode) | Switches NG GS105/8, GS308v3, GS110MX and XS505M | Additional NG HW: C7800/CAX80/CM1100/CM1200/CM2000, Orbi: CBK40, CBK752, RBK50, RBK853, RBK752, RBK953, SXK30 | NightHawk: MK63, MR6150, R7000, R7800, R7960P, R8000, R8500, R9000, RAXE500, RAX50, XR450, XR1000, EX7500/EX7700

Message 11 of 11
Top Contributors
Discussion stats
  • 10 replies
  • 1008 views
  • 1 kudo
  • 3 in conversation
Announcements

Orbi WiFi 6E