I have recently become more concerned about security.
As part of my checks I have run a port scan on my home hub 3 from the internet side using my phone connected through the phone network and found 129 ports open, or at least responding.
Surely that can't be right.
Anyone else seen this?
Connected to ADSL2+ Broadband package
Software version 220.127.116.11.18.104.22.168.52 (Type A)
Solved! Go to Solution.
I have acquired another HH3 and tried it and it's exactly the same.
As well as the 129 ports that respond from the range of common ones, there are hundreds more from therange of less common ports.
This makes these modem/routers stand out like a beacon on the internet for any hackers out there.
My firewall log shows that my HH is constantly probed with an attempted logins.
With the "backdoor" port at 4567 that gives you a log in if you try browsing to your internet address on this port I am not at all happy.
A new hub or a new ISP is required.
You may be misinterpreting the results. as the HH3 has been around a long time now, without any reported issues. The home hub firewall will report many attempts, but they are not getting onto your local network.
This page on my website has some links to suitable sites, and a Microsoft utility which should help.
You will need to connected to BT Broadband to access any links I post which are hosted on my website..
If you are connected to BT Broadband, and you cannot access them, then please let me know on this thread. Thanks.
If your public address ended in 71.14, then I could not see any service ports, or port 4567 when I tested it.
I would expect to get no reply from any of your ports (stealth mode), and this would have been confirmed by the ShieldUp link I gave you.
My webserver runs on port 80, but my Windows firewall will drop any IP addresses that do not originate from the BT network, with just a couple of exceptions. I get hundreds of such "drops" every hour.
If port 80 was not open on my router, then it would not show on my Windows firewall, but my router firewall would prevent probes reaching my network.
The firewall on the home hub is not going to give out, and the IDS part of the firewall will detect any attempts at malformed packets, and reject them.
I think you are looking for a problem that simply does not exist. The home hub 3 firewall is simply doing its job.
That's not my current IP address but I have been swapping over modems during investigations.
I used a port scanner app on my phone and hundreds of ports responded. The same scanner inside my network gets virtually nothing. I'd much rather have my outward facing interface operte in as near stealth mode and my needs permit.
I am perhaps a bit paranoid. I recently set up port forwarding to a server in my house. Within a week it was swarming with log in attempts. Thousands each day in what seemed like a brute force attack. That made me dig a bit deeper into what ports were responding that could be attracting hackers. My HH3 also regularly gets log in attempts.
In theory, the HH3 firewall shouldn't give out but we all know that patches are issued for all kinds of software to correct a flaw that has allowed a breach in its security.
I'm going to do some more digging and will probably end up getting a new modem/router an/or a new ISP.
For all interested HH users.
The plot thickens. The Shields Up scan shows no ports responding and all in stealth mode - appart from 4567.
My Network Analyser app from technet shows multiple ports open. When scanning my servers with known open ports it gives the correct responses.
Something's not quite right. I am going to have to take back my claims that the HH3 advertises itself unnecessarily to the internet until I dig a bit deeper.
Thanks for the useful pointers.