How to block Port 0

Labber

I have a USG210. When running port scans on the WAN side, Port 0 shows as:

"Closed. Your computer has responded that this port exists but is currently closed to connections."

Is there a way to completely block this port, so the IP shows as completely stealth?

Thank you.

Clippies of scan from GRC Shields Up attached...

PeterUK

Are you sure the USG in replying to port 0? can you packet capture the WAN port in USG.

Your ISP might be replying to port 0

Labber

I think you're right. I just did a port scan on our older USG200, which never had this issue before, and suddenly it does. Must be the ISP. I'll try the packet capture when I get a chance.

ZY4EVER

Sorry to revive, was it an ISP thing or a FW thing?

I'm also having the same result (PORT 0 shown as Closed/Blue) which I never had before I recently changed ISP. The USG60 does not allow to make rules on PORT 0.

EDIT: After a little Google research on the PORT 0 subject. I followed the recommendation to add a REJECT ALL rule from WAN sources to WAN_IP and bingo. Port 0 now shown as "stealth".

ThatGuy

Hello All-

I ran across this issue as well. The actual reason why port 0 is showing this way (closed) with ShieldsUp is because ADP is active on your USG. If you set ADP as "Inactive" under Security Policy/ADP/General Tab, ShieldsUp will report it as stealth. Just unselecting the check box next to "Enable Anomaly Detection and Prevention" will not do the trick, you have to select the policy, change it to inactive and save. That's of course if you would rather stealth port 0 and not have ADP active on your device 😉

CHS

In my test result, no matter ADP is Enabled/Disabled/Inactivate rule, all of the results of port 0 are stealth. You may share packet captures by different scanning cases for further check.