
6 hours ago, itman said:

Since you are concerned about it, I would contact AT&T tech support and ask them about port 443 usage on the router. If they say "Yes, it is used," then ask them to run a test to verify it is only connecting to your local AT&T IP address. If all checks out, I wouldn't be concerned about what the Eset test tool is stating.

That's on my list for tomorrow. I also opened a ticket with ESET Support since no ESET Moderator/Forum Administrator has bothered to respond or open my PM (not good).

Edited by TomFace

Ok...just hung up with AT&T U-verse support and they are telling me that port 443 has to do with my Cisco access point for U-Verse TV and not to be too concerned with it. They cannot see the access point (MAC Address) once I close that port.

The only thing is once I delete activity (close the port) it does NOT seem to affect my TV at all. At least I got some useful information from them. ESET Support did reply saying:

Port 443 is a service that is needed internally within your network and therefore safe to use. However, your router appears to have this port 443 open to the public as well.

Therefore the ESET alert is telling you to close that port so that the world cannot access that port to get inside your internal network.

You also can use online port scanning services to determine which ports are open to the public:

http://www.whatsmyip.org/port-scanner/

So...I didn't really get the answer I was looking for (I still feel vulnerable), but I'll just play it by ear. Thanks again to itman & cyberhash for their input. By the way itman, I still cannot access the GRC Common Port scan webpage, I did send them an e-mail about that. ESET Support did send me another port scanner webpage (see above) to use.


41 minutes ago, TomFace said:

Ok...just hung up with AT&T U-verse support and they are telling me that port 443 has to do with my Cisco access point for U-Verse TV and not to be too concerned with it. They cannot see the access point (MAC Address) once I close that port.

The only thing is once I delete activity (close the port) it does NOT seem to affect my TV at all.

It depends on how your TV(s) are connected.

In a U-verse setup, you will always have one TV box that is directly connected via Ethernet. Additional TV boxes are wireless although AT&T recently sent me for an additional box I ordered, a box that can connect both via wireless and using Ethernet.  For any wireless box connection, a WAP is required. The WAP connects to the AT&T router via Ethernet cable. The WAP uses WAN port 443 on the router to connect to the wireless TV boxes.

Bottom line - if you don't use any wireless TV boxes, i.e. no WAP connection to the router, you can probably close the WAN port 443 connection on the router. I suspect that AT&T ships their routers with the WAN port 443 connection pre-configured. This way when someone orders an additional TV box, they don't have to fool around with reconfiguring the router. Keep this in mind when deleting that default setup connection.

-EDIT- I forgot to mention I connect my PC via Ethernet although the PC has no wired connection to the AT&T router. I use those house electrical wiring adapters. "Works like a charm" with my house electrical wiring. Getting 100 mbps which is the max. speed for my existing network adapter.

Edited by itman
1 hour ago, TomFace said:

By the way itman, I still cannot access the GRC Common Port scan webpage, I did send them an e-mail about that. ESET Support did send me another port scanner webpage (see above) to use.

Tom, you can get to the GRC Shields Up port scan by going to the main site here: https://www.grc.com/intro.htm

Then mouse over the "Services" drop down on the upper left side of the page and select "Shields UP!" on the menu that opens. On the page that opens find and left click the "Proceed" button in the center of the page a third of the way down. (If you have not run the test before you might find it an interesting read.) On the next page below the blue banner "ShieldsUP! Services" left click "All Service ports". A new page will open and the test will begin.

I had the same result as you using the link provided in other posts.


Probably, the best explanation for the AT&T port 443 issue is:

Quote

Re: Cisco_AP_ATT and ConnectToCiscoAP using port 443
AT&T intentionally keeps port 443 open to the WAP for remote control, auditing, and authentication purposes. It's part of their overall system management application that manages all customer equipment.

If you remove the port 443 firewall access to the WAP, their management system will automatically put it back. The system does not know your password, nor does it need it to manage the gateway and WAP.

If you need port 443 for your own purpose, the only work-around if you have wireless STBs is to purchase a block of static IP addresses.

I have also seen a few other web refs. that confirm AT&T will re-add the connection if it is removed from the router.

Again, I have never had an issue with port 443 open on the WAN. The router firewall will block any access to it from anything other than your local AT&T server IP address.
Edited by itman

I found this excellent web site on router security: https://www.routersecurity.org/testrouter.php

For anyone with an AT&T Arris router, this is what they should be concerned about. Note the links are to GRC Shields Up site:

Quote

Sept 2017: If AT&T is your ISP then test if port 49152 is open as per Bugs in Arris Modems Distributed by AT&T Vulnerable to Trivial Attacks by security firm Nomotion. Also, check if SSH port 22 is open.

July 2017: If AT&T is your ISP then test if port 61001 is open. According to Nomotion, in Exploring the AT&T U-verse 5268AC DSL Modem blog posting, the port is only open from outside of the AT&T U-verse network.

As far as testing router LAN side ports:

Quote

LAN side port testing

BROWSER: You can also test a port with a web browser. For example,  http://192.168.1.1:443 would test TCP port 443 (of course, modify the IP address as necessary for your router). I don't think a browser can test a UDP port, it is limited to TCP.

If you receive no response, the port is closed.

Edited by itman
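
The LAN-side test quoted above, done with a TCP connect instead of a browser, as an added example that is not part of the original posts. It separates a refused connection from no answer at all; the router address comes from the quote, the port list is the ports named in this thread, and the function names are assumptions.

```python
import socket

ROUTER = "192.168.1.1"                  # address used in the quote; change to your router's
THREAD_PORTS = (22, 443, 49152, 61001)  # ports mentioned in this thread

def probe_tcp(host, port, timeout=2.0):
    """Classify one TCP port by the result of a full connect."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"                # handshake completed
    except ConnectionRefusedError:
        return "closed"                  # host answered with a reset
    except socket.timeout:
        return "filtered"                # no answer: dropped by a firewall or host is down
    except OSError as exc:
        return "error: %s" % (exc.strerror or exc)

def scan(host, ports, timeout=2.0):
    """Probe each port in turn and return {port: state}."""
    return {port: probe_tcp(host, port, timeout) for port in ports}

def demo_local():
    """Constructed offline check: probe a loopback listener, then the same port once it is closed."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # port 0 = let the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    while_listening = probe_tcp("127.0.0.1", port)
    listener.close()
    after_close = probe_tcp("127.0.0.1", port)
    return while_listening, after_close

if __name__ == "__main__":
    print("loopback self-check:", demo_local())
    for port, state in scan(ROUTER, THREAD_PORTS).items():
        print("%s:%d %s" % (ROUTER, port, state))
```

Run from a PC inside the network, this only checks the router's LAN side; the WAN-side exposure the ESET alert refers to has to be checked from outside, as with the online scanners linked earlier in the thread.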

Thank you SCR & itman for the additional information (as no ESET Mod has replied to this post or a PM:angry:).

It is appreciated. :)

SCR I did not think the words "All service Ports" & "common Ports" were even clickable links, looked like plain text.

Edited by TomFace
2 hours ago, TomFace said:

Thank you SCR & itman for the additional information (as no ESET Mod has replied to this post or a PM:angry:).

It is appreciated. :)

SCR I did not think the words "All service Ports" & "common Ports" were even clickable links, looked like plain text.

Yes exactly. That's why I mentioned it. I spent a lot of time on GRC when I first got on the Internet. GRC.com has never been big on graphics but big on the information I needed when I was a babe in the woods on the World Wide Web. I knew nothing about it or Windows for that matter. Prior to that my computer experience was with DOS. ;)
