Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

ISP port scan please help

Posted on 2004-08-02
Last Modified: 2013-11-30
How can I check what ports are blocked by my cable modem ISP?
Question by:islamk
  • 3
  • 3
  • 2
  • +2
LVL 79

Expert Comment

ID: 11698690
Ask them...
LVL 20

Expert Comment

ID: 11699143
go here... https://www.grc.com/x/ne.dll?bh0bkyd2
and scan for "common ports" when given the option. assuming your ports are visible from the outside, the test will reveal which ones are closed and which are open.
LVL 27

Expert Comment

ID: 11699422
Most of the time, they don't block anything.  Sometimes, they'll block IPSec VPN so they can charge higher "business" rates to open it up.
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

LVL 79

Expert Comment

ID: 11699493
My cable ISP blocks ICMP... no pings, no tracroutes, not even with a "business" rated line.
TCP port 135 is also blocked, but it does not appear that any others are being blocked.

Some cable ISP's block SMTP port 25, ftp port 21 and www port 80 to encourage server users to purchase a higher-priced business rate line.
An external scan of your IP address will only report on ports that your system is listening on. If you don't have a web server running, then you can't tell if port 80 is blocked or not. If you don't have a SMTP mail server listening on port 25, you won't know if that port is blocked or not.

The only way to know for sure is to ask.

Expert Comment

ID: 11700081
Why don't just call them -.-

Author Comment

ID: 11700212
I agree with  lrmoore :-)
Call them they don't know what i'm taking about I'm asking for the incomming traffic the site above will not test that

Accepted Solution

AshuraKnight earned 50 total points
ID: 11700248
Lol that's the problem with ISP Customer Service :D

And regarding the link given by DVation

"Beyond providing a comprehensive test of your
system's first 1056 ports, this service ports
scan can be used for additional research:

Service Ports Scan Application Guide
( Cool things you can do with our Service Ports Probe )

Detecting Ports Blocked by Your ISP <--------------- THIS

Internet service providers often block specific traffic entering their network before it reaches their customers, or after leaving their customers before it exits their network. This is sometimes done to block the exploitation of common security vulnerabilities, and sometimes to prevent their customers from offering proscribed Internet services.

As a customer, it can be useful and interesting to know which service ports, if any, an ISP has chosen to preemptively block in order to restrict their customers' global Internet traffic.

ISP port blocking can be easily tested, often quite rapidly, by arranging to allow the ShieldsUP! probe to have access to an unprotected computer. Since all non-stealth machines will respond to every open request — either affirmatively or negatively — ports appearing as STEALTH will be those blocked by your ISP, corporate firewall, or other external agency.

             If your system is unprotected, without any personal firewall or NAT router, any ports showing as stealth are being blocked somewhere between your computer and the public Internet. This is probably being done by your ISP. Internet traffic directed to your computer at the stealth ports will be dropped before reaching your machine.

             If your system has a personal firewall that can be instructed to "trust" a specific remote IP, you can temporarily instruct it to trust the ShieldsUP! probe IP of []. If, after doing so, most of the service ports change to either open or closed , you have succeeded and any which remain stealth are being blocked by your ISP.

             If your system is operating behind a residential "NAT" router, the router will be acting as a natural and excellent hardware firewall. But that's not what you want for the moment. You can temporarily remove your NAT router and connect an unprotected computer directly to your cable modem or DSL line. Or, if you are comfortable reconfiguring your NAT router, you may be able to point the router's "DMZ" at one of your computers which has been instructed to "trust" our probe IP of []. If, after doing so, most of the service ports change to either open or closed , you have succeeded and any remaining stealth are being blocked by your ISP.

             Finally, if your Internet security system, NAT router, personal firewall, or whatever, can produce detailed logs of incoming Internet packets, you could leave your existing security in place, clear your log, run the service ports scan, then carefully inspect your log for any consistently missing port probes. We send out four sets of probing packets because individual packets are sometimes dropped along the way. Therefore, it won't be unusual to see occasional missing packets from your logs. What you're looking for is a complete lack of packets bound for a specific port. A careful and detailed examination of your log will reveal any missing ports which are being blocked before they reach your logging tool. (Note that this technique is not quite as foolproof as the other approaches since ISPs could be blocking outbound packets from their customers, which the other approaches would detect but log-watching would not.)

After completing the experiments above, remember to return your system to its previous tight security and verify that everything is safe again by re-running any of our tests. "

You can use "Common Ports" scan or "All Service Ports" scan to do what you after :)

Gd luck
LVL 79

Expert Comment

ID: 11700389
If they don't know what you're talking about, chances are they are not blocking anything.
What, exactly, are you wanting to do? Are you having problems getting specific ports through for a specific application?

Author Comment

ID: 11700412
I do have the linksys WRT54G I'm trying to remote the router on port 80, 8080 it's not working i know 21 is working i can get to my ftp server from outside also i want to forward the correct ports so i can use xp as a vpn server any1 used xp VPN that way?
LVL 20

Expert Comment

ID: 11700441
"An external scan of your IP address will only report on ports that your system is listening on."

Thats not entirely true...granted it depends on your setup...but I have a PC in a DMZ behind a router and can go to the site to have the pc scanned. all the ports that are not blocked are simply reported as "closed". those ports that are blocked are reported as "stealth". thats how I can tell which ports my ISP blocks...and i've confirmed it with them.
I can't argue that it won't work in all cases, but the first expert opinon was to ask, second to that I thought the next best thing to do would be to run a scan.

Author Comment

ID: 11710335
Any good steps to setup a dmz server?

Featured Post

Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
IPv6 NAT to IPv4 28 66
Internet Protocol Security question 3 94
not able to to ping server on a switch 1 33
Don’t let your business fall victim to the coming apocalypse – use our Survival Guide for the Fax Apocalypse to identify the risks and signs of zombie fax activities at your business.
If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question