Solved

ISP port scan please help

Posted on 2004-08-02
11
2,620 Views
Last Modified: 2013-11-30
How can I check what ports are blocked by my cable modem ISP?
0
Comment
Question by:islamk
  • 3
  • 3
  • 2
  • +2
11 Comments
 
LVL 79

Expert Comment

by:lrmoore
Comment Utility
Ask them...
0
 
LVL 20

Expert Comment

by:DVation191
Comment Utility
go here... https://www.grc.com/x/ne.dll?bh0bkyd2
and scan for "common ports" when given the option. assuming your ports are visible from the outside, the test will reveal which ones are closed and which are open.
0
 
LVL 27

Expert Comment

by:pseudocyber
Comment Utility
Most of the time, they don't block anything.  Sometimes, they'll block IPSec VPN so they can charge higher "business" rates to open it up.
0
 
LVL 79

Expert Comment

by:lrmoore
Comment Utility
My cable ISP blocks ICMP... no pings, no tracroutes, not even with a "business" rated line.
TCP port 135 is also blocked, but it does not appear that any others are being blocked.

Some cable ISP's block SMTP port 25, ftp port 21 and www port 80 to encourage server users to purchase a higher-priced business rate line.
 
An external scan of your IP address will only report on ports that your system is listening on. If you don't have a web server running, then you can't tell if port 80 is blocked or not. If you don't have a SMTP mail server listening on port 25, you won't know if that port is blocked or not.

The only way to know for sure is to ask.
0
 
LVL 5

Expert Comment

by:AshuraKnight
Comment Utility
Why don't just call them -.-
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Author Comment

by:islamk
Comment Utility
I agree with  lrmoore :-)
Call them they don't know what i'm taking about I'm asking for the incomming traffic the site above will not test that
Thansk
0
 
LVL 5

Accepted Solution

by:
AshuraKnight earned 50 total points
Comment Utility
Lol that's the problem with ISP Customer Service :D


And regarding the link given by DVation

"Beyond providing a comprehensive test of your
system's first 1056 ports, this service ports
scan can be used for additional research:

Service Ports Scan Application Guide
( Cool things you can do with our Service Ports Probe )

Detecting Ports Blocked by Your ISP <--------------- THIS

Internet service providers often block specific traffic entering their network before it reaches their customers, or after leaving their customers before it exits their network. This is sometimes done to block the exploitation of common security vulnerabilities, and sometimes to prevent their customers from offering proscribed Internet services.

As a customer, it can be useful and interesting to know which service ports, if any, an ISP has chosen to preemptively block in order to restrict their customers' global Internet traffic.

ISP port blocking can be easily tested, often quite rapidly, by arranging to allow the ShieldsUP! probe to have access to an unprotected computer. Since all non-stealth machines will respond to every open request — either affirmatively or negatively — ports appearing as STEALTH will be those blocked by your ISP, corporate firewall, or other external agency.


             If your system is unprotected, without any personal firewall or NAT router, any ports showing as stealth are being blocked somewhere between your computer and the public Internet. This is probably being done by your ISP. Internet traffic directed to your computer at the stealth ports will be dropped before reaching your machine.
 

             If your system has a personal firewall that can be instructed to "trust" a specific remote IP, you can temporarily instruct it to trust the ShieldsUP! probe IP of [204.1.226.228]. If, after doing so, most of the service ports change to either open or closed , you have succeeded and any which remain stealth are being blocked by your ISP.
 

             If your system is operating behind a residential "NAT" router, the router will be acting as a natural and excellent hardware firewall. But that's not what you want for the moment. You can temporarily remove your NAT router and connect an unprotected computer directly to your cable modem or DSL line. Or, if you are comfortable reconfiguring your NAT router, you may be able to point the router's "DMZ" at one of your computers which has been instructed to "trust" our probe IP of [204.1.226.228]. If, after doing so, most of the service ports change to either open or closed , you have succeeded and any remaining stealth are being blocked by your ISP.
 

             Finally, if your Internet security system, NAT router, personal firewall, or whatever, can produce detailed logs of incoming Internet packets, you could leave your existing security in place, clear your log, run the service ports scan, then carefully inspect your log for any consistently missing port probes. We send out four sets of probing packets because individual packets are sometimes dropped along the way. Therefore, it won't be unusual to see occasional missing packets from your logs. What you're looking for is a complete lack of packets bound for a specific port. A careful and detailed examination of your log will reveal any missing ports which are being blocked before they reach your logging tool. (Note that this technique is not quite as foolproof as the other approaches since ISPs could be blocking outbound packets from their customers, which the other approaches would detect but log-watching would not.)

After completing the experiments above, remember to return your system to its previous tight security and verify that everything is safe again by re-running any of our tests. "

You can use "Common Ports" scan or "All Service Ports" scan to do what you after :)

Gd luck
0
 
LVL 79

Expert Comment

by:lrmoore
Comment Utility
If they don't know what you're talking about, chances are they are not blocking anything.
What, exactly, are you wanting to do? Are you having problems getting specific ports through for a specific application?
0
 

Author Comment

by:islamk
Comment Utility
I do have the linksys WRT54G I'm trying to remote the router on port 80, 8080 it's not working i know 21 is working i can get to my ftp server from outside also i want to forward the correct ports so i can use xp as a vpn server any1 used xp VPN that way?
0
 
LVL 20

Expert Comment

by:DVation191
Comment Utility
"An external scan of your IP address will only report on ports that your system is listening on."

Thats not entirely true...granted it depends on your setup...but I have a PC in a DMZ behind a router and can go to the site to have the pc scanned. all the ports that are not blocked are simply reported as "closed". those ports that are blocked are reported as "stealth". thats how I can tell which ports my ISP blocks...and i've confirmed it with them.
I can't argue that it won't work in all cases, but the first expert opinon was to ask, second to that I thought the next best thing to do would be to run a scan.
0
 

Author Comment

by:islamk
Comment Utility
Any good steps to setup a dmz server?
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
LAN or WAN ? 11 57
DNS CNAME Configuration 3 46
cisco nexus experiance 2 25
Firewall port opening 2 16
Lets look at the default installation and configuration of FreeProxy 4.10 REQUIREMENTS 1. FreeProxy 4.10 Application - Can be downloaded here (http://www.handcraftedsoftware.org/index.php?page=download) 2. Ensure that you disable the windows fi…
Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now