Why port scanner does not detect that my port 443 is open?

  • Be sure to checkout “Tips & Tricks”
    Dear Guest Visitor → Once you register and log-in please checkout the “Tips & Tricks” page for some very handy tips!

    /Steve.
  • BootAble – FreeDOS boot testing freeware

    To obtain direct, low-level access to a system's mass storage drives, SpinRite runs under a GRC-customized version of FreeDOS which has been modified to add compatibility with all file systems. In order to run SpinRite it must first be possible to boot FreeDOS.

    GRC's “BootAble” freeware allows anyone to easily create BIOS-bootable media in order to workout and confirm the details of getting a machine to boot FreeDOS through a BIOS. Once the means of doing that has been determined, the media created by SpinRite can be booted and run in the same way.

    The participants here, who have taken the time to share their knowledge and experience, their successes and some frustrations with booting their computers into FreeDOS, have created a valuable knowledgebase which will benefit everyone who follows.

    You may click on the image to the right to obtain your own copy of BootAble. Then use the knowledge and experience documented here to boot your computer(s) into FreeDOS. And please do not hesitate to ask questions – nowhere else can better answers be found.

    (You may permanently close this reminder with the 'X' in the upper right.)

grga

New member
Dec 26, 2024
2
0
I am pretty sure there is a simple answer to my question stemming from lack of solid understanding of complex networking concepts.

I have a TP-link router, and after all the hoopla about it, I wanted to see if it had any ports open.

I first went to https://<my_public_ip>, and sure enough I got a login page.
Of course, I changed the default password when I got the router.

Then I went to grc.com/shieldsup to test to see if any ports were open.

To my surprise all ports reported to be stealth. I ran UPNP test followed by All Service Ports scan and everything was green. No ports were found to be open. I don't understand why I would get a login page when I go to my public_IP and yet Shieldsup does not see that port 443 is open.

I have a cable modem, and my TP-link router is plugged into the cable modem, and my computer is plugged into the TP-Link Router. This is the router I have:

TP-Link ER605 (TL-ER605) Multi-WAN Wired VPN Router.​

I am very puzzled by this and would appreciate very much if someone could enlighten me.
Thank you all.
 
I first went to https://<my_public_ip>, and sure enough I got a login page.
Odds are the router recognized your doing this, and didn't actually consider it an access from the outside.

You have to try it from a VPN or from someone else's location in order to see for sure if it replies to outside connection attempts.
 
@grga : What these guys are saying is that your router serves as a “bridge” between two separated networks: The "outside" Internet, known as the WAN (Wide Area Network) and your own separate "inside" network, known as the LAN (Local Area Network). So, YOU are able to access your router's management interface using your public IP — but ONLY because you are on the separate "inside" network. What ShieldsUP! is showing you is that the view from the "outside" network, where GRC's ShieldsUP! network scanner is located, your router is NOT making that management interface available — which is definitely what you want! 👍
 
Yes, that was it. I tested it from my phone with my wifi off. I can see that it is not connecting. Awesome! Thank you all for your explanations. I learned something from you today.

Maybe this is not appropriate to post here, and if not please ignore.

Now that I did all the tests I could on my TP-LINK router and see no issue, I am still wondering if it is safe given the fact that the US Government has declared TP-Link routers unsafe and is considering a ban. I really like this router as it allows me to segment my network. Does anyone have an opinion if I should replace it due to US Government stance on TP-Link?

Thanks again for sharing your expertise.
 
US Government has declared TP-Link routers unsafe and is considering a ban.
I'm sure there is some common sense here... but it's hard to also not see that there is likely some politics too. The bigger question for you would be what would your potential replacement be? There are only a few big brands in that space, Linksys, Netgear, ASUS, D-Link are the other four that jump to mind, and it's unclear that any of them is any better or any less made in China. Your best bet would be to go the higher end route, with something like a Ubiquity or a pfSense device, but that can be a significant commitment because they're much more capable and thus usually more complicated to match. There is also the possibility to check if your device can run some open source firmware, like OpenWRT. That can be quite a deep rabbit hole though and is not really for someone who wants something that "just works (TM)." ;)

For now I would take the obvious steps: 1. Make sure you're as secure as you can be with what you have. Seems like you've done this. Make sure you change/disable any default password, and disable any feature you know you're not using. ( https://routersecurity.org/turnoff.php ) 2. Check for updates to the firmware regularly. (If your device is old enough this may not apply.) 3. Replace your device when it's obviously old or new technology you want is on the market. Eventually you may want new things like WPA3, WIFI 6/6e/7 or a higher WAN/NIC speed like Multi-GIG.
 
Yes, that was it. I tested it from my phone with my wifi off. I can see that it is not connecting. Awesome! Thank you all for your explanations. I learned something from you today.

Maybe this is not appropriate to post here, and if not please ignore.

Now that I did all the tests I could on my TP-LINK router and see no issue, I am still wondering if it is safe given the fact that the US Government has declared TP-Link routers unsafe and is considering a ban. I really like this router as it allows me to segment my network. Does anyone have an opinion if I should replace it due to US Government stance on TP-Link?

Thanks again for sharing your expertise.
To be considered as OPEN a port has to respond to a query. No response makes it stealthy. Ostensibly, you can't attack what you can't see. Or, at least, that's my understanding.....