New Blocked Ports???

  • Question
  • Updated 4 months ago
  • Answered
Nothing in the documentation I've found about blocking port 2222 but it appears to be blocked, why?

For years now I have been able to perform a backup of my office to my local (behind your equipment) NAS. I've been using port 2222 but it hasn't been working lately. I did some testing and found that you are blocking this port and for the life of me I don't see why. First of all, it's not listed in any of your documentation of "Blocked Ports". Second, I'm paying you to allow me to use your network and in all fairness that's what I'd like to do. Third, this port is not susceptible to DOS or other attacks I'm aware of, so why is this port being blocked, and is it a block on your whole network or just my node?

Yes, I do use it after hours (12 to 5) to not use my VERY EXPENSIVE AND WAY TOO SMALL data limit so as to not exceed my "FAP" rates.

Can you explain?
John Rickard
Posted 4 months ago
Jab
While most customers won’t be concerned with blocked ports, some more advanced users may wish to know which ports we block and why. We’ve provided this list here with other technical details for those who’d like to know more.
==================

Which modem do you have... WiFi or no WiFi... Either way, there is a DMZ on the WiFi modem, and if using a router, use its DMZ port, or configure it so it works... same with the OS.
John Rickard
Are you referring to my modem or equipment? Yours I use only for an Ethernet port, which plugs into my firewall's external interface. I can access it at 192.168.100.1 but there is no DMZ associated with it that I can find. My firewall has an open TCP port at 2222, DNATted to an internal device, which was working up until a few weeks ago. I've had to change my firewall's configuration to use another port, which is now working until you block that one.

Do you have a policy that blocks nonstandard ports you see activity on?
Jab
Port 2222 was originally designated for Rockwell Automation ControlLogix, for which there is an advisory (ICSA-13-011-03).

"Independent researcher Rubén Santamarta of IOActive identified vulnerabilities in Rockwell Automation’s ControlLogix PLC and released proof-of-concept (exploit) code at the Digital Bond S4 Conference on January 19, 2012."

And later, Microsoft used it for their anti-piracy service, but later dropped it. Gamers might use this port via Port Triggering (for instance, a game server accessed via port 2222, and the user responds via port 3333 via UDP packets).

Two different protocols are available on that port,

Port 2222/TCP,
Port 2222/UDP

That said, as you know, both ends must be able to communicate with each other.

Since I don't have a program to respond on port 2222 there's no way for me to test this port.  I have no idea if Port Triggering is involved in your equation.  What is your OS?
John Rickard
Thanks for the info about Rockwell equipment and its vulnerabilities. You can always test using telnet on port 2222, but you don't have to as I don't have any Rockwell equipment in use. The traffic going over that port is SSH (TCP) traffic and no port triggering is involved. I've tested it remotely and found it times out when it's open through my firewall; when switched to another port it works just fine. Using Linux.
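The "times out on 2222, works on another port" observation above is the classic symptom of a SYN being dropped somewhere on the path rather than answered. The script below is an added example (not from anyone in this thread): a small client-side probe that distinguishes "open", "refused" (host reachable, nothing listening) and "filtered" (no answer at all before the timeout), then compares the suspect port against a control port on the same host so a port-specific drop can be told apart from a host that is simply unreachable. It uses only bash's `/dev/tcp` and coreutils `timeout`; the address `203.0.113.5` in the usage comment is a placeholder for your firewall's public IP.

```shell
#!/bin/bash
# Added example: classify how a TCP connect fails from the client side.
# Result words printed by probe_tcp:
#   open      - TCP handshake completed (something answered on that port)
#   refused   - RST came back: host reachable, nothing listening
#   filtered  - no answer before the timeout: a firewall, a missing forward
#               rule, or an upstream (ISP) filter is dropping the SYN
#   error     - other failure (no route, bad hostname, ...)
probe_tcp() {
  local host=$1 port=$2 tmo=${3:-5} out rc
  # The connect runs in a child bash (for /dev/tcp) under `timeout` so a
  # silent drop is bounded; exit 124 from timeout means "no answer at all".
  if out=$(timeout "$tmo" bash -c "exec 3<>/dev/tcp/$host/$port" 2>&1); then
    rc=0
  else
    rc=$?
  fi
  if [ "$rc" -eq 0 ]; then
    echo open
  elif [ "$rc" -eq 124 ]; then
    echo filtered
  elif printf '%s' "$out" | grep -qi 'refused'; then
    echo refused
  else
    echo error
  fi
}

# Probe a suspect port and a control port on the same host and summarise.
# "port-specific-drop" is what an ISP block or a missing DNAT rule looks
# like; "host-unreachable-or-all-dropped" means the host itself is silent,
# so the port is not the problem.
compare_ports() {
  local host=$1 suspect=$2 control=$3 tmo=${4:-5} s c
  s=$(probe_tcp "$host" "$suspect" "$tmo")
  c=$(probe_tcp "$host" "$control" "$tmo")
  if [ "$s" = filtered ] && [ "$c" != filtered ]; then
    echo "port-specific-drop"
  elif [ "$s" = filtered ] && [ "$c" = filtered ]; then
    echo "host-unreachable-or-all-dropped"
  else
    echo "suspect=$s control=$c"
  fi
}

# Usage (placeholder address; run from outside the ISP network as well as
# from inside it, and compare the two results):
#   probe_tcp 203.0.113.5 2222 5
#   compare_ports 203.0.113.5 2222 22 5
```

Run the same probe from a host inside the provider's network and one outside it: if 2222 is "filtered" only from one side while the control port answers from both, the drop is on that path, not in the firewall's forwarding rule.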
Jab
Why putting SSH on another port than 22 is a bad idea - But there are more reasons why this is a bad idea (port 2222), and one of the most important reasons has to do with a bit of the (Linux) way of handling TCP/IP ports.
Jab
Footnote - Via router log, ShieldsUP was set up to probe port 2222, and ten packets were dropped at the router. This suggests port 2222 is not blocked.

I can also say there are foreign IP addresses probing away out there, from Vietnam to China, to Australia, to Houston, to France, etc. Most likely infected computers.


John Rickard
Well, as you pointed out in your link, that's not a good idea, except for the fact that I am not changing the SSH port but, as I mentioned previously, I'm DNATting the traffic to another system which uses port 22. Even mentioned in your link is the following: "This is probably one of the most visited pages of my blog, most likely because this post is very controversial." Yeah, if I was only listening on port 2222 for SSH traffic then I would be an idiot only obscuring my traffic. I'm not, though, as I have fail2ban running on port 22 for my firewall and DNATting to another system that has no privileged users. I catch dozens of IP addresses searching on port 22 and jail them, and my firewall only allows systems from my other office access to port 2222, so any other traffic is being dropped.
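The setup described above (external 2222 rewritten to an internal host's port 22, accepted only from the other office, everything else dropped) is what separates a port forward from mere port obscurity. The ruleset below is an added example written for this thread, not the poster's actual configuration: interface names `wan0`/`lan0`, the office addresses `203.0.113.10`/`203.0.113.11` and the internal host `192.168.10.20` are placeholders.

```nftables
#!/usr/sbin/nft -f
# Added example, not the poster's config. Interface names and addresses
# are placeholders to be replaced with the real ones.
flush ruleset

table inet edge {
    # Only these remote-office addresses may reach the forwarded SSH port.
    set office_hosts {
        type ipv4_addr
        elements = { 203.0.113.10, 203.0.113.11 }
    }

    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        # External 2222 becomes the internal host's 22, but only for
        # packets arriving on the WAN side from the allow-list. Anything
        # else aimed at 2222 is left alone and ends up in the input chain.
        iifname "wan0" ip saddr @office_hosts tcp dport 2222 \
            dnat ip to 192.168.10.20:22
    }

    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        ct state invalid drop
        # Forward only the connections the DNAT rule rewrote.
        iifname "wan0" oifname "lan0" ct status dnat \
            ip daddr 192.168.10.20 tcp dport 22 accept
        # LAN clients may initiate outbound connections.
        iifname "lan0" oifname "wan0" accept
    }

    chain input {
        type filter hook input priority filter; policy drop;
        ct state established,related accept
        iifname "lo" accept
        # Management SSH on the firewall itself stays LAN-only.
        iifname "lan0" tcp dport 22 accept
        # With policy drop, a scan of 2222 from a non-listed source sees
        # silence: no DNAT happened, and the packet is dropped here.
    }
}
```

Because the DNAT rule itself carries the source restriction, an unlisted scanner never reaches the internal host at all; the forward chain's `ct status dnat` match then ensures that only translated connections, and nothing else from the WAN, can cross into the LAN.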
Diana, Viasat Employee
Hi John, here is a link to an article on our help web page regarding blocked ports and why they are blocked: https://help.viasat.com/internet/articles/General/Why-some-ports-are-blocked-on-our-network If you have any additional questions, please send an email to viasatlistnes@viasat.com with your account and contact information and details of your issue. Thanks
Jab
Diana:

RE:  link to an article on our help web page

This article above lists a small number of blocked ports, but from a post one year ago, it was suggested that the Minecraft port was intentionally being blocked (by Diana, Viasat Employee).

Perhaps this help article should be updated?  As stated there, "...some more advanced users may wish to know which ports we block and why."

Has Viasat considered posting a date when a help page is revised?

On a different topic, is there a help page on how to use this forum's "keyboard" shown below?  I don't like "pointing and shooting" to find out what d, e, f, g, or h, i, j, k, or pre means.  RTFM is what I prefer...Got One?

Jim16, Champion
D=Bold type. E=italics. F=Underlines the word. S=crosses out the word. Movie camera=post a YouTube video. I=puts bullet points. J=puts numbers on your sentences. K=quotation marks. How did I do?
Jab
Yes, yes...thanks Jim