• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2630
  • Last Modified:

ISP port scan please help

How can I check what ports are blocked by my cable modem ISP?
0
islamk
Asked:
islamk
  • 3
  • 3
  • 2
  • +2
1 Solution
 
lrmooreCommented:
Ask them...
0
 
DVation191Commented:
go here... https://www.grc.com/x/ne.dll?bh0bkyd2
and scan for "common ports" when given the option. assuming your ports are visible from the outside, the test will reveal which ones are closed and which are open.
0
 
pseudocyberCommented:
Most of the time, they don't block anything.  Sometimes, they'll block IPSec VPN so they can charge higher "business" rates to open it up.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
lrmooreCommented:
My cable ISP blocks ICMP... no pings, no tracroutes, not even with a "business" rated line.
TCP port 135 is also blocked, but it does not appear that any others are being blocked.

Some cable ISP's block SMTP port 25, ftp port 21 and www port 80 to encourage server users to purchase a higher-priced business rate line.
 
An external scan of your IP address will only report on ports that your system is listening on. If you don't have a web server running, then you can't tell if port 80 is blocked or not. If you don't have a SMTP mail server listening on port 25, you won't know if that port is blocked or not.

The only way to know for sure is to ask.
0
 
AshuraKnightCommented:
Why don't just call them -.-
0
 
islamkAuthor Commented:
I agree with  lrmoore :-)
Call them they don't know what i'm taking about I'm asking for the incomming traffic the site above will not test that
Thansk
0
 
AshuraKnightCommented:
Lol that's the problem with ISP Customer Service :D


And regarding the link given by DVation

"Beyond providing a comprehensive test of your
system's first 1056 ports, this service ports
scan can be used for additional research:

Service Ports Scan Application Guide
( Cool things you can do with our Service Ports Probe )

Detecting Ports Blocked by Your ISP <--------------- THIS

Internet service providers often block specific traffic entering their network before it reaches their customers, or after leaving their customers before it exits their network. This is sometimes done to block the exploitation of common security vulnerabilities, and sometimes to prevent their customers from offering proscribed Internet services.

As a customer, it can be useful and interesting to know which service ports, if any, an ISP has chosen to preemptively block in order to restrict their customers' global Internet traffic.

ISP port blocking can be easily tested, often quite rapidly, by arranging to allow the ShieldsUP! probe to have access to an unprotected computer. Since all non-stealth machines will respond to every open request — either affirmatively or negatively — ports appearing as STEALTH will be those blocked by your ISP, corporate firewall, or other external agency.


             If your system is unprotected, without any personal firewall or NAT router, any ports showing as stealth are being blocked somewhere between your computer and the public Internet. This is probably being done by your ISP. Internet traffic directed to your computer at the stealth ports will be dropped before reaching your machine.
 

             If your system has a personal firewall that can be instructed to "trust" a specific remote IP, you can temporarily instruct it to trust the ShieldsUP! probe IP of [204.1.226.228]. If, after doing so, most of the service ports change to either open or closed , you have succeeded and any which remain stealth are being blocked by your ISP.
 

             If your system is operating behind a residential "NAT" router, the router will be acting as a natural and excellent hardware firewall. But that's not what you want for the moment. You can temporarily remove your NAT router and connect an unprotected computer directly to your cable modem or DSL line. Or, if you are comfortable reconfiguring your NAT router, you may be able to point the router's "DMZ" at one of your computers which has been instructed to "trust" our probe IP of [204.1.226.228]. If, after doing so, most of the service ports change to either open or closed , you have succeeded and any remaining stealth are being blocked by your ISP.
 

             Finally, if your Internet security system, NAT router, personal firewall, or whatever, can produce detailed logs of incoming Internet packets, you could leave your existing security in place, clear your log, run the service ports scan, then carefully inspect your log for any consistently missing port probes. We send out four sets of probing packets because individual packets are sometimes dropped along the way. Therefore, it won't be unusual to see occasional missing packets from your logs. What you're looking for is a complete lack of packets bound for a specific port. A careful and detailed examination of your log will reveal any missing ports which are being blocked before they reach your logging tool. (Note that this technique is not quite as foolproof as the other approaches since ISPs could be blocking outbound packets from their customers, which the other approaches would detect but log-watching would not.)

After completing the experiments above, remember to return your system to its previous tight security and verify that everything is safe again by re-running any of our tests. "

You can use "Common Ports" scan or "All Service Ports" scan to do what you after :)

Gd luck
0
 
lrmooreCommented:
If they don't know what you're talking about, chances are they are not blocking anything.
What, exactly, are you wanting to do? Are you having problems getting specific ports through for a specific application?
0
 
islamkAuthor Commented:
I do have the linksys WRT54G I'm trying to remote the router on port 80, 8080 it's not working i know 21 is working i can get to my ftp server from outside also i want to forward the correct ports so i can use xp as a vpn server any1 used xp VPN that way?
0
 
DVation191Commented:
"An external scan of your IP address will only report on ports that your system is listening on."

Thats not entirely true...granted it depends on your setup...but I have a PC in a DMZ behind a router and can go to the site to have the pc scanned. all the ports that are not blocked are simply reported as "closed". those ports that are blocked are reported as "stealth". thats how I can tell which ports my ISP blocks...and i've confirmed it with them.
I can't argue that it won't work in all cases, but the first expert opinon was to ask, second to that I thought the next best thing to do would be to run a scan.
0
 
islamkAuthor Commented:
Any good steps to setup a dmz server?
0

Featured Post

Free recovery tool for Microsoft Active Directory

Veeam Explorer for Microsoft Active Directory provides fast and reliable object-level recovery for Active Directory from a single-pass, agentless backup or storage snapshot — without the need to restore an entire virtual machine or use third-party tools.

  • 3
  • 3
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now