Port 53 open on my ESET premium machine

[Laplacian 0]

Hi,

So I scanned all my machines on my network, and it showed that my computer has the port 53 DNS domain port open? Is this normal, as I think that I haven't seen that being open before if I remember correctly. And even if it is open, shouldn't ESET prevent showing that it is open?

[Nightowl 205]

20 minutes ago, Laplacian said:

Hi,

So I scanned all my machines on my network, and it showed that my computer has the port 53 DNS domain port open? Is this normal, as I think that I haven't seen that being open before if I remember correctly. And even if it is open, shouldn't ESET prevent showing that it is open?

May I ask how did you scan? did you use Nmap for example or ESET built in scanner?

[Laplacian 0]

1 minute ago, Nightowl said:

May I ask how did you scan? did you use Nmap for example or ESET built in scanner?

I scanned with phone where I have paid app called Net Analyzer

[Nightowl 205]

Just now, Laplacian said:

I scanned with phone where I have paid app called Net Analyzer

I don't know this application , but try to use LTE/4G connection when attempting to scan your IP , that will show your firewall that you are outsider scanning , scanning from the LAN to WAN IP , will show wrong results if I am not mistaken.

[Laplacian 0]

1 minute ago, Nightowl said:

I don't know this application , but try to use LTE/4G connection when attempting to scan your IP , that will show your firewall that you are outsider scanning , scanning from the LAN to WAN IP , will show wrong results if I am not mistaken.

I scanned the machine inside my LAN with another LAN device. As for the public IP, I will try to scan outside my LAN. I will post when I have done that thanks.

[Nightowl 205]

1 minute ago, Laplacian said:

I scanned the machine inside my LAN with another LAN device. As for the public IP, I will try to scan outside my LAN. I will post when I have done that thanks.

Yes while connected from LAN , see your IP from whatismyip websites , then disconnect from your WIFI home , and then scan the WAN IP that you got from the website , it should how you the results from Outside > to your side

I think inside the LAN , since it's trusted , ports can communicate with eachother unless it's instructed by the personal firewall on the devices (like ESET or windows firewall) to disable certain ports from communicating.

[Laplacian 0]

2 hours ago, Nightowl said:

Yes while connected from LAN , see your IP from whatismyip websites , then disconnect from your WIFI home , and then scan the WAN IP that you got from the website , it should how you the results from Outside > to your side

I think inside the LAN , since it's trusted , ports can communicate with eachother unless it's instructed by the personal firewall on the devices (like ESET or windows firewall) to disable certain ports from communicating.

I now scanned the external IP from LTE/4G device and it didn't show no ports or even any host up. Then I also scanned my LAN again using NMAP and the device inside my network seems to have the port 53 open indeed, but it is TCPwrapped. I do not know why does show that one port. But I trust ESET so its all good thanks for the help

[Laplacian 0]

2 hours ago, Nightowl said:

Yes while connected from LAN , see your IP from whatismyip websites , then disconnect from your WIFI home , and then scan the WAN IP that you got from the website , it should how you the results from Outside > to your side

I think inside the LAN , since it's trusted , ports can communicate with eachother unless it's instructed by the personal firewall on the devices (like ESET or windows firewall) to disable certain ports from communicating.

Also I forgot to mention that my network is either way a LTE/4G network and not a fiber

[Nightowl 205]

7 hours ago, Laplacian said:

I now scanned the external IP from LTE/4G device and it didn't show no ports or even any host up. Then I also scanned my LAN again using NMAP and the device inside my network seems to have the port 53 open indeed, but it is TCPwrapped. I do not know why does show that one port. But I trust ESET so its all good thanks for the help

You are welcome

About port 53 , try to check that device and see the firewall rules for port 53 TCP , it shouldn't be open for DNS unless that device serves something or it's open by mistake.

[Laplacian 0]

On 3/31/2024 at 10:50 PM, Nightowl said:

You are welcome

About port 53 , try to check that device and see the firewall rules for port 53 TCP , it shouldn't be open for DNS unless that device serves something or it's open by mistake.

I denied all communication on that port in ESET firewall configuration, and the scan still shows it is open. My Windows firewall machine on the other hand shows no ports open or they are blocked, so I am pretty worried that the ESET firewall is providing that information for the scanner. And I looked that there was legitimate communication on that port, which I am not really sure what the communication is needed for. 

[itman 1,668]

1 hour ago, Laplacian said:

denied all communication on that port in ESET firewall configuration, and the scan still shows it is open.

Eset firewall use has no bearing on if a port is open or closed. The router controls this.

My best guess is you have a device on your network that has port 53 access capability. Eset Network Inspector should show you which device; other than the router, that has this capability.

[Nightowl 205]

On 4/2/2024 at 5:50 PM, itman said:

Eset firewall use has no bearing on if a port is open or closed. The router controls this.

True and shouldn't be open as your home network doesn't serve DNS to people outside.