Installed OpenWRT, left all settings on default, and installed ds-lite.
Made an open port test with "Shields Up!" and found two OPEN ports.
What is going on?!?!
Which ones?
Does your WAN port have a public IP?
In a previous thread, the user said:
Question 1) Why did Shields Up find open ports? (1024 & 1027)
@anon58882991, please don't double post.
You scanned ds-lite gateway of your provider. No OpenWrt involved in that end.
Port 1024 & 1027
How can I check this?
So OpenWrt is not at fault but my ISP? And it's still a security risk?
I made this post to make the old post a separate topic, edited it out of the old post.
That's useless....
Please inform yourself, e.g. in Wikipedia
You are assigned a port range, and it is none of your business what happens outside your assigned port range.
Sorry, it was difficult to ignore the important fact that you don't have a [Public] IPv4 address assigned to the WAN port you noted was scanned with Shields Up!.
I was going to reply about that in your original post, but you edited it out for some unknown reasons.
This is a good summarized answer:
But you can ask them.
You are assigned a port range, and it is none of your business what happens outside your assigned port range.
Does that mean it's not a security concern/security risk for me as long as the open ports are outside the port range that I was assigned?
And how do I know what port range was assigned to me?
Sorry, I'm kinda dumb. I'm grateful for all your guys' help though.
What do you mean by this?
And since my other post was deleted let me add the question from it to this post:
How can I check if ds-lite is configured correctly? The Wiki said it should be automatic but the example configs it showed do not match with mine at all.
Man I haven't seen Shields Up! since the 90's. Brings back memories of Zone Alarm Pro.
I just did a Shields Up! scan and it detected nothing. A quiet dark hole where my IP address is. Noice.
It means if they are not the ports assigned to you, then only your ISP (or the customer they're assigned to) can identify why those ports are open.
DS-Lite is an IPv6 transition mechanism that provides IPv4 Internet when your ISP has not provided Public IPv4 addresses to your interface.
See: https://en.wikipedia.org/wiki/IPv6_transition_mechanism#Dual-Stack_Lite_(DS-Lite) (the link was provided above by another user, perhaps you should review it)
And how do I know what port range was assigned to me?
There's probably none, you'd ask your ISP.
Wiki said it should be automatic but the example configs it showed do not match with mine at all.
Perhaps show them - and explain what advanced steps you had to undertake that causes you confusion?
How do we know which ports are found open and whether they pertain to your connection.
transition mechanism that provides IPv4 Internet when your ISP has not provided Public IPv4 addresses to your interface.
Oh right, sorry, I did read that but I didn't make the connection when you said my WAN doesn't have a public IPv4 address, was confused because I had forgotten that.
It means if they are not the ports assigned to you, then only your ISP (or the customer they're assigned to) can identify why those ports are open.
But is it a security risk? Or is it safe to just completely ignore?
.
.
Regarding DS-LITE configuration:
OpenWrt documentation shows the following configuration example in ds-lite section:
# /etc/config/network
config interface 'wan6'
    option device 'eth1'
    option proto 'dhcpv6'

config interface 'wan'
    option proto 'dslite'
    option peeraddr '2001:db80::1' # Your ISP's DS-Lite AFTR
but in my network config it looks like this (very different):
config interface 'wan'
    option device 'dsl0.7'
    option proto 'pppoe'
    option username '***'
    option password '***'
    option ipv6 '1'
    option peerdns '0'
    list dns '9.9.9.9'
    list dns '149.112.112.112'

config interface 'wan6'
    option device '@wan'
    option proto 'dhcpv6'
    option reqaddress 'try'
    option reqprefix 'auto'
    option norelease '1'
    option peerdns '0'
    list dns '2620:fe::fe'
    list dns '2620:fe::9'
It seems my WAN interface is not set to use the 'dslite' proto like in the example and doesn't have any 'peeraddr' configured like in the example. Also the WAN6 'device' differs. And I couldn't find out if that's normal by reading the wiki docs.
How do we know which ports are found open and whether they pertain to your connection.
What do you mean? We know which ports are open by making an open port scan, for example using 'Shields Up', or not?
And whether they pertain to my connection depends on if they're in my assigned port range, I assume?
to just completely ignore?
Yes. Please.
What do you mean? We know which ports are open by making an open port scan, for example using 'Shields Up', or not?
Even if it is shitty business, your ISP could filter ports as he likes.
A good ISP is not touching traffic. Only if the customer requests it.
DS-Lite and all other half-baked transition tools are only .... Don't know. Mostly useless or in the end based on business decisions based on money but not for the better or greater good.
Edit PS: Sorry for the rant.
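
The check asked about in the thread ("How can I check this?"), as an added example that is not part of any post: it classifies the router's WAN IPv4 address and compares it with the address the scan site reports, to tell whether the scan reached the router or a carrier gateway (DS-Lite AFTR or CGNAT). The function names and sample addresses are constructed; the ranges are 192.0.0.0/29 (RFC 6333), 100.64.0.0/10 (RFC 6598) and the RFC 1918 blocks.

```shell
#!/bin/sh
# Added example (not from the thread). All function names are hypothetical.

# Dotted-quad IPv4 -> integer. Runs in a subshell so IFS stays local.
ip2int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
)

# in_cidr ADDR NET/BITS: succeeds if ADDR lies inside the network.
in_cidr() (
    ip=$(ip2int "$1")
    net=$(ip2int "${2%/*}")
    bits=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
)

# Classify the IPv4 address on the router's WAN side.
# An empty argument means the WAN has no IPv4 address at all.
classify_wan4() {
    [ -n "$1" ] || { echo none; return; }
    if in_cidr "$1" 192.0.0.0/29; then
        echo dslite      # DS-Lite B4/AFTR tunnel range (RFC 6333)
    elif in_cidr "$1" 100.64.0.0/10; then
        echo cgnat       # carrier-grade NAT shared space (RFC 6598)
    elif in_cidr "$1" 10.0.0.0/8 || in_cidr "$1" 172.16.0.0/12 \
         || in_cidr "$1" 192.168.0.0/16; then
        echo private     # RFC 1918: another NAT device sits upstream
    else
        echo public
    fi
}

# scan_target WAN4 SEEN4: which device did an external scan reach?
# WAN4  = IPv4 address on the router's WAN interface (may be empty)
# SEEN4 = address the scan site says it probed
scan_target() {
    kind=$(classify_wan4 "$1")
    if [ "$kind" = public ] && [ "$1" = "$2" ]; then
        echo router      # open ports here are the router's own
    else
        echo upstream    # ports belong to the ISP gateway, not the router
    fi
}

# Constructed sample: DS-Lite tunnel address vs. scanner-reported address.
scan_target 192.0.0.2 203.0.113.7
```

A result of `upstream` means the firewall on the router was never the thing being probed, so its IPv4 rules cannot explain the open ports.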