Steve Gibson port scanner port 443?

  • Be sure to checkout “Tips & Tricks”
    Dear Guest Visitor → Once you register and log-in please checkout the “Tips & Tricks” page for some very handy tips!

    /Steve.
  • BootAble – FreeDOS boot testing freeware

    To obtain direct, low-level access to a system's mass storage drives, SpinRite runs under a GRC-customized version of FreeDOS which has been modified to add compatibility with all file systems. In order to run SpinRite it must first be possible to boot FreeDOS.

    GRC's “BootAble” freeware allows anyone to easily create BIOS-bootable media in order to workout and confirm the details of getting a machine to boot FreeDOS through a BIOS. Once the means of doing that has been determined, the media created by SpinRite can be booted and run in the same way.

    The participants here, who have taken the time to share their knowledge and experience, their successes and some frustrations with booting their computers into FreeDOS, have created a valuable knowledgebase which will benefit everyone who follows.

    You may click on the image to the right to obtain your own copy of BootAble. Then use the knowledge and experience documented here to boot your computer(s) into FreeDOS. And please do not hesitate to ask questions – nowhere else can better answers be found.

    (You may permanently close this reminder with the 'X' in the upper right.)

kiwia

Member
Sep 18, 2020
6
0
Hi

I used ShieldsUP to scan and found that port 443 was open before I used a credit card to buy something?
I asked my network colleague if we are secure and this was his reply,

"The port you have highlighted is a secure and encrypted alternative to port 80 which is widely used and recognised and on our end also backed up with SHA256 encryption and certification, including MFA on the systems with the most sensitive data."

So, I would like anyone’s opinion on this if he is right that this is secure or not?

Thanks

Chris
 
That is not exact correct. Sheilds Up will scan YOUR ports on your network facing device (Likely your router). Where port 443 is the default for HTTPS you could in theory use that port or any port for anything. Lets say you are buying something from Amazon. You computer would first lookup the DNS record and then your computer would pick a random TCP port as the client and that connection would connect specifically to amazon’s server on port 443. What this means is that YOUR port 443 does not need incoming connections to buy something, as the connection request is started by you your hopefully and very likely your NAT router and computer expects a connect back from Amazon. So no if you use Sheilds Up on you home computer it is scanning whatever device is on the outside of your NAT. Also, If you use a vpn provider like express vpn or cyber ghost or nord, I’ve noticed that some times those internet facing Ips, which are likely shared, ports sometimes report as closed or open. Most home user, not running servers, would want there sheilds up to be completely green meaning that a request has zero responses. Does that make sense?
 
  • Like
Reactions: hyperbole
If the scan was targeting your router/firewall (which seems the most likely), then it means you have a web server open to the public on that port. (Well most likely... that port is for SSL/TLS/HTTPS but it could be anything wanting to spoof a HTTPS server.) If it's targeting your PC directly, then it would appear you have something listening on that port running on your PC.

So you'd need to inform us if you know you're hosting a web server first, before we could conclude whether that might be a problem or not.
 
Thanks folks for your comments, this was an internal network port scan using Sheilds-UP for port 443.

So if we are hosting a web server (which I'll check) could this be a potential problem?
Thanks
 
this was an internal network port scan
Well Steve's Shields UP can't scan past the firewall/gateway. (More specifically if you're using NAT, then whatever device is doing the NAT is the target of the scan.) If this is your router, then it's most likely that you have enabled WAN management of the router, which is not really a great idea. You should check your router configuration and disable WAN management. (Meaning only someone on the inside of your network could log into the router, and blocking any attempts to attack it from the Internet.)
 
Well the way some of these are worded it makes me think that you are more sophisticated that a simple home user. I don’t know if you fancy firewall or not, but I know with my pfsense firewall it has something called state tables, if anything was connecting to a server on your netwrok, I think it would show up in the state tables. I don’t think it would if it was only listening and had no connection. (not 100%, but I don’t why it would) It is the same thing as when you use the netstat command and it has the state column. I don’t know what the state tables would do in a shields up scan if shields up found an open port, but my guess is it would show up as established. This information might not be all that helpful. You could just copy and paste your public ip into a webbrowser and see if the browser connects to anything. OR it could be that your router has remote management enabled.
 
Even better, if you have a cell phone with a data plan and a browser, type in your public ip and see if a web page pops up.
 
Interesting comments thanks, using my mobile data with the IP address the website doesn't come up and I get Index of / cgi-bin/ 2020-03-20 13:35?
 
If you get that, something is acting as a web server on your machine. /cgi-bin/ is normally a folder one level below the "root" of a web server. The other possibility is that it is your router which has a web server open to the internet side.

Try checking your machine with "netstat -a" from a command line. That should show if anything is listening on port 443, and what program it is.
 
If this is your router, then it's most likely that you have enabled WAN management of the router, which is not really a great idea
I agree. It seems that you have WAN management enabled on your router. If you are on a home network, using a cable modem, for instance, if you don't own the modem, but rent it from the cable company, they may have remote management turned on, and you may not be able to turn it off. This is why I never use the provider's modem, but buy my own, so I can control what's turned on on the WAN side. If you can't use your own modem, for whatever reason, then at least place another router as a firewall immediately on your own (LAN) side of the modem, and lock it down tight. That way, even if the modem is showing as only a L2 bridge, you can still control what gets into your network from the WAN side.
 
  • Like
Reactions: hyperbole
Chris,

What your network expert friend said is quite irrelevant to the issue at hand. The correct response is that there should not be any open ports, so yes you
do have a security problem.

And, there is no such thing as "an internal network port scan using Sheilds-UP for port 443." Everything ShieldsUp tests is external.

If your router or modem/router box is from your ISP, talk to them. If you have your own router, then you are master of your domain and you can (somehow) close the port.
 
I periodically use shields up to scan my computer. Many times the screen showed all green. Now I have Port 443 open. How did it become open. Port 80 reports closed. I have bought a few things. Never thought the door would be left open. Personally I would like to close this port. At least change it to closed
 
Now I have Port 443 open

Port 443 is the HTTPS port. (So "port 80 but secure".) You likely have something running a web server on that port. Maybe an admin page for some device. Make sure WAN management access to your router is disabled.

Find out what your internet IP is (a website can tell you, like https://whatismyipaddress.com/) and then try connecting to https://{ip address} and see if you can learn more.
 
Thanks for your information. I am unaware of the 2 suggestions. My landlord pays for the internet and I use it mostly. I did a shields up on his computer with permission. The results are different. I subscribe to Office 365 Recently I changed to Windows 11.
MY ISP is Rogers Communications in Canada I use Bit Denfender as my VPN and their product Bit Defender Total Security
 
Thanks for your information. I am unaware of the 2 suggestions. My landlord pays for the internet and I use it mostly. I did a shields up on his computer with permission. The results are different. I subscribe to Office 365 Recently I changed to Windows 11.
MY ISP is Rogers Communications in Canada I use Bit Denfender as my VPN and their product Bit Defender Total Security
Was BitDefender VPN enabled when you ran the test?

If so, disable it and test again. When VPN is enabled, you’re testing the VPN server you’re connected to.

Because your landowner provides you with the Internet service, it’s possible that they opened the port for one of their computers. As @PHolder suggested, trying https://ipaddresshere should reveal what is there.
 
Interesting result here.
1732240100143.png
 
The above shows when the VPN is not connected. I notice 135 is closed Nothing at the suspected 643