Announcement

Collapse
No announcement yet.

New User - SSH showing open...

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    New User - SSH showing open...

    Hi All,

    New user here - just moved over from pfsense and so far loving the software. One questions though when I run a shields up port scan it comes back with SSH open. I have not allowed SSH anywhere, can anyone please give me some pointers where I should be looking.

    Thanks John
    Tags: port 22 open, ssh, ssh open
  • #2
    Are you running shields up on WAN or LAN? On the LAN ssh is open by default. Ssh is closed on the WAN. It could be you have a port forward to another box configured?
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email [email protected]

    Comment

    • #3
      Originally posted by jcoffin View Post
      Are you running shields up on WAN or LAN? On the LAN ssh is open by default. Ssh is closed on the WAN. It could be you have a port forward to another box configured?
      Hi jcoffin

      Thanks for the reply. so there are no port forwards in place. When you run shields up it obviosly scans your wan gateway so SSH open is being reported from scanning the router. Under access rules SSH access is disabled so there should be no SSH open port being reported... Im confused.

      Thanks John
      Last edited by jtleeds; 02-22-2023, 02:35 PM.

      Comment

      • #4
        You should be confused, because what you're reporting isn't possible. SSH is not open unless you made it so, and to find the problem you're going to have to audit your Internet connection.

        When you run the GRC scan make note of the IP address being scanned, find the device that has that IP on it... because if it's not NGFW that's your first clue, you've got something upstream of NGFW that's mucking with TCP 22.
        Rob Sandling, BS:SWE, MCP, Microsoft Certified: Azure Administrator Associate
        NexgenAppliances.com
        Phone: 866-794-8879 x201
        Email: [email protected]

        Comment

        • #5
          Hi sky-knight

          Thanks for reply. I know it isn't possible but... I have a Netgate 4100 appliance here which I was using before NGFW so I have plugged that back in, made absolutly no changes to the network and Port is stealthed again, take that out and put the NGFW back in and showing as closed but receiving Unsolicited Packets and Solicited TCP Packets on port 22​..... Really odd.....

          PS the IP address being scanned is my WAN address.... I have also made a custom rule blocking 22 traffic on any interface and its still coming in but again, not if I put the Netgate 4100 in place.... The rules are pretty identical on both firewalls....

          John​
          Last edited by jtleeds; 02-22-2023, 02:37 PM.

          Comment

          • #6
            Post the output of shields up. They have some odd phrasing that is not technically correct.
            Attention: Support and help on the Untangle Forums is provided by
            volunteers and community members like yourself.
            If you need Untangle support please call or email [email protected]

            Comment

            • #7
              jcoffin

              Well, I've found it... !!

              Intrusion Prevention (when to scan) was set to 'before other network processing'. When I changed it back to 'After other network processing' I am fully stealthed again. So that seems to be the cure for me...

              Not sure why 22 is showing as closed when before other network processing is selected but changing it now get me to where I wanted to be which was stealthed as all other incoming connections are limited to static IP's so it was kind of a real pain to be ''seeable'' when I had gone to long lengths to get the network locked down....

              Thanks for all your input, much appreciated.

              John

              Comment

              • #8
                After reading this post I decided to do a shields up scan since I just updated my firewall to v16.6.2 and all common ports but one were STEALTH including port 22... The one port that was not STEALTH was Port 0, it is reported as CLOSED... Anyone have a clue as to why?

                Port
                Service
                Status                		 Security Implications

                0
                <nil>
                Closed                		 Your computer has responded that this port exists but is currently closed to connections.


                ----------------------------------------------------------------------

                GRC Port Authority Report created on UTC: 2023-02-23 at 02:22:39

                Results from scan of ports: 0, 21-23, 25, 79, 80, 110, 113,
                119, 135, 139, 143, 389, 443, 445,
                1002, 1024-1030, 1720, 5000

                0 Ports Open
                1 Ports Closed
                25 Ports Stealth
                ---------------------
                26 Ports Tested

                NO PORTS were found to be OPEN.

                The port found to be CLOSED was: 0

                Other than what is listed above, all ports are STEALTH.

                TruStealth: FAILED - NOT all tested ports were STEALTH,
                - NO unsolicited packets were received,
                - NO Ping reply (ICMP Echo) was received.

                ----------------------------------------------------------------------

                Comment

                • #9
                  I just did some testing and found that if I disable the Wireguard VPN app then Port 0 goes back to being STEALTH... If I enable the Wireguard VPN app then Port 0 reports that it is CLOSED and not STEALTH... I just started running the 30 day trial version of the Wireguard VPN app after doing the upgrade to v16.6.2... I was not using it before... What would the Wireguard app have to do with Port 0..?

                  Comment

                  Previous template Next
                  Working...
                  X