Solved

ISP port scan please help

Posted on 2004-08-02
11
2,623 Views
Last Modified: 2013-11-30
How can I check what ports are blocked by my cable modem ISP?
Question by:islamk
11 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 11698690
Ask them...
0
 
LVL 20

Expert Comment

by:DVation191
ID: 11699143
Go here... https://www.grc.com/x/ne.dll?bh0bkyd2
and scan for "common ports" when given the option. Assuming your ports are visible from the outside, the test will reveal which ones are closed and which are open.
0
 
LVL 27

Expert Comment

by:pseudocyber
ID: 11699422
Most of the time, they don't block anything.  Sometimes, they'll block IPSec VPN so they can charge higher "business" rates to open it up.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 11699493
My cable ISP blocks ICMP... no pings, no traceroutes, not even with a "business" rated line.
TCP port 135 is also blocked, but it does not appear that any others are being blocked.

Some cable ISPs block SMTP port 25, FTP port 21 and WWW port 80 to encourage server users to purchase a higher-priced business rate line.
 
An external scan of your IP address will only report on ports that your system is listening on. If you don't have a web server running, then you can't tell if port 80 is blocked or not. If you don't have an SMTP mail server listening on port 25, you won't know if that port is blocked or not.

The only way to know for sure is to ask.
0
 
LVL 5

Expert Comment

by:AshuraKnight
ID: 11700081
Why don't you just call them -.-
0
 

Author Comment

by:islamk
ID: 11700212
I agree with lrmoore :-)
Call them, they don't know what I'm talking about. I'm asking for the incoming traffic; the site above will not test that.
Thanks
0
 
LVL 5

Accepted Solution

by:
AshuraKnight earned 50 total points
ID: 11700248
Lol that's the problem with ISP Customer Service :D


And regarding the link given by DVation

"Beyond providing a comprehensive test of your system's first 1056 ports, this service ports scan can be used for additional research:

Service Ports Scan Application Guide
( Cool things you can do with our Service Ports Probe )

Detecting Ports Blocked by Your ISP <--------------- THIS

Internet service providers often block specific traffic entering their network before it reaches their customers, or after leaving their customers before it exits their network. This is sometimes done to block the exploitation of common security vulnerabilities, and sometimes to prevent their customers from offering proscribed Internet services.

As a customer, it can be useful and interesting to know which service ports, if any, an ISP has chosen to preemptively block in order to restrict their customers' global Internet traffic.

ISP port blocking can be easily tested, often quite rapidly, by arranging to allow the ShieldsUP! probe to have access to an unprotected computer. Since all non-stealth machines will respond to every open request — either affirmatively or negatively — ports appearing as STEALTH will be those blocked by your ISP, corporate firewall, or other external agency.


If your system is unprotected, without any personal firewall or NAT router, any ports showing as stealth are being blocked somewhere between your computer and the public Internet. This is probably being done by your ISP. Internet traffic directed to your computer at the stealth ports will be dropped before reaching your machine.

If your system has a personal firewall that can be instructed to "trust" a specific remote IP, you can temporarily instruct it to trust the ShieldsUP! probe IP of [204.1.226.228]. If, after doing so, most of the service ports change to either open or closed, you have succeeded and any which remain stealth are being blocked by your ISP.

If your system is operating behind a residential "NAT" router, the router will be acting as a natural and excellent hardware firewall. But that's not what you want for the moment. You can temporarily remove your NAT router and connect an unprotected computer directly to your cable modem or DSL line. Or, if you are comfortable reconfiguring your NAT router, you may be able to point the router's "DMZ" at one of your computers which has been instructed to "trust" our probe IP of [204.1.226.228]. If, after doing so, most of the service ports change to either open or closed, you have succeeded and any remaining stealth are being blocked by your ISP.

Finally, if your Internet security system, NAT router, personal firewall, or whatever, can produce detailed logs of incoming Internet packets, you could leave your existing security in place, clear your log, run the service ports scan, then carefully inspect your log for any consistently missing port probes. We send out four sets of probing packets because individual packets are sometimes dropped along the way. Therefore, it won't be unusual to see occasional missing packets from your logs. What you're looking for is a complete lack of packets bound for a specific port. A careful and detailed examination of your log will reveal any missing ports which are being blocked before they reach your logging tool. (Note that this technique is not quite as foolproof as the other approaches since ISPs could be blocking outbound packets from their customers, which the other approaches would detect but log-watching would not.)

After completing the experiments above, remember to return your system to its previous tight security and verify that everything is safe again by re-running any of our tests. "

You can use "Common Ports" scan or "All Service Ports" scan to do what you're after :)

Good luck
0
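The log-inspection method from the quoted guide, as an added example that is not part of the original post or of GRC's tooling: it counts logged probes from the probe IP per destination port and separates ports that never appear (dropped before the logger) from ports that merely lost a pass. The iptables-style log format, the 0-1055 port range, the local address and the sample log are assumptions constructed for illustration.

```python
import re
from collections import Counter

PROBE_IP = "204.1.226.228"      # probe address quoted in the answer above
SCANNED_PORTS = range(0, 1056)  # assumption: "first 1056 ports" means 0-1055
PASSES = 4                      # the guide says four sets of probes are sent

# Assumption: iptables-style LOG lines; adapt the pattern to your firewall.
LINE_RE = re.compile(r"SRC=(?P<src>\S+) .*?PROTO=TCP .*?DPT=(?P<dpt>\d+)")


def probes_per_port(log_lines, probe_ip=PROBE_IP):
    """Count logged inbound TCP probes from probe_ip per destination port."""
    seen = Counter()
    for line in log_lines:
        m = LINE_RE.search(line)
        if m and m.group("src") == probe_ip:
            seen[int(m.group("dpt"))] += 1
    return seen


def classify(seen, ports=SCANNED_PORTS, passes=PASSES):
    """Return (never_seen, partly_seen) lists of scanned ports."""
    never_seen = [p for p in ports if seen[p] == 0]           # dropped upstream
    partly_seen = [p for p in ports if 0 < seen[p] < passes]  # ordinary loss
    return never_seen, partly_seen


def make_sample_log(blocked=(25, 80, 135), lossy=(443,)):
    """Constructed log: 'blocked' ports never arrive, 'lossy' lose one pass."""
    lines = []
    for n in range(PASSES):
        for port in SCANNED_PORTS:
            if port in blocked or (port in lossy and n == 0):
                continue
            lines.append(
                f"Aug  2 21:14:0{n} gw kernel: IN=eth0 OUT= SRC={PROBE_IP} "
                f"DST=198.51.100.7 LEN=44 PROTO=TCP SPT={40000 + n} "
                f"DPT={port} SYN")
    # Unrelated host hitting port 25 must not mask the missing probes.
    lines.append("Aug  2 21:15:10 gw kernel: IN=eth0 OUT= SRC=203.0.113.9 "
                 "DST=198.51.100.7 LEN=44 PROTO=TCP SPT=5555 DPT=25 SYN")
    return lines


if __name__ == "__main__":
    never_seen, partly_seen = classify(probes_per_port(make_sample_log()))
    print("never logged (blocked before the logger):", never_seen)
    print("logged on some passes only (packet loss):", partly_seen)
```

Filtering on the probe's source address matters: other Internet hosts hitting the same port would otherwise hide a port whose probes never arrived.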
 
LVL 79

Expert Comment

by:lrmoore
ID: 11700389
If they don't know what you're talking about, chances are they are not blocking anything.
What, exactly, are you wanting to do? Are you having problems getting specific ports through for a specific application?
0
 

Author Comment

by:islamk
ID: 11700412
I do have the Linksys WRT54G. I'm trying to remote the router on port 80, 8080; it's not working. I know 21 is working; I can get to my FTP server from outside. Also, I want to forward the correct ports so I can use XP as a VPN server. Has anyone used XP VPN that way?
0
 
LVL 20

Expert Comment

by:DVation191
ID: 11700441
"An external scan of your IP address will only report on ports that your system is listening on."

That's not entirely true... granted, it depends on your setup... but I have a PC in a DMZ behind a router and can go to the site to have the PC scanned. All the ports that are not blocked are simply reported as "closed". Those ports that are blocked are reported as "stealth". That's how I can tell which ports my ISP blocks... and I've confirmed it with them.
I can't argue that it won't work in all cases, but the first expert opinion was to ask; second to that, I thought the next best thing to do would be to run a scan.
0
 

Author Comment

by:islamk
ID: 11710335
Any good steps to set up a DMZ server?
0

Question has a verified solution.