Port previously used for SSH/CLI is closed rather than stealthed


#1

I was setting up a new Surf SOHO MK3 with firmware 7.0.2 and connected it to an existing LAN rather than the Internet to do port scans of the WAN port. To scan all TCP ports, I ran
nmap -p- 1.2.3.4

This found all WAN ports filtered except two. As expected, the port I was using for remote admin was open. What was not expected was that port 9999 was closed.

A few days earlier, I had enabled SSH/CLI on LAN/WAN using this non-standard port (9999). Then, I had disabled SSH/CLI. Apparently, this left the port being closed rather than filtered.

I tested this again on another Surf SOHO also running 7.0.2. This second router was HW2 and live on the Internet. Again, I picked a random port for SSL/CLI use. After enabling it, GRC port probe detected the port as open

https://www.grc.com/x/portprobe=8844

Then, I disabled CLI/SSH and the above port probe shows it as closed rather than stealthed.

Is this working as expected, or, is it a bug?


#2

@Michael234, do allow me to further clarify your problem. May I know if this is the problem you are facing: when you scan a non-existent port, the port status shows Stealth? The other scan results are acceptable.

TCP 444 (non-existent port) scan result with default configuration (SSH not running/configured)

TCP 444 scan result with SSH port set to 444 and enabled

TCP 444 scan result with SSH port set to 444 but disabled


#3

Yes, that is exactly the issue I was trying to describe. You understood perfectly.


#4

We confirmed this is a bug. We will fix this in v7.1.0. Thanks for reporting this!
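
The check discussed in this thread can be repeated after a firmware update with a small script. This is an added example, not part of the forum posts or the vendor's code: it tells the three states apart by how the TCP handshake ends (completed = open, RST = closed, no answer = filtered/stealth). The function names and default port list are assumptions; the ports are the ones mentioned in the posts.

```python
import errno
import socket
import sys


def classify_tcp_port(host, port, timeout=3.0):
    """Return 'open', 'closed' or 'filtered' for one TCP port.

    open     -> three-way handshake completed
    closed   -> peer answered the SYN with a RST (connection refused)
    filtered -> no answer before the timeout, or an unreachable error
                (what GRC reports as "stealth")
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        rc = sock.connect_ex((host, port))
    except socket.timeout:
        return "filtered"
    finally:
        sock.close()
    if rc == 0:
        return "open"
    if rc == errno.ECONNREFUSED:
        return "closed"
    # A timeout surfaces here as EAGAIN/EWOULDBLOCK; treat every
    # non-RST failure as "no usable answer".
    return "filtered"


def audit_expected_stealth(host, ports, timeout=3.0):
    """Return {port: state} for every port that is NOT filtered.

    An empty dict means all listed ports are stealthed. A 'closed'
    entry is the behaviour reported in this thread: the router still
    answers with a RST on a port whose service was disabled.
    """
    findings = {}
    for port in ports:
        state = classify_tcp_port(host, port, timeout)
        if state != "filtered":
            findings[port] = state
    return findings


if __name__ == "__main__":
    # Usage: script.py <wan-address> [port ...]
    target = sys.argv[1]
    ports = [int(p) for p in sys.argv[2:]] or [444, 8844, 9999]
    for port, state in sorted(audit_expected_stealth(target, ports).items()):
        print(f"{target}:{port} is {state}, expected filtered")
```

Run it from a host on the WAN side of the router; a firewall on the scanning host or along the path can also drop or reject packets and change the result.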