How to block Port 0

Options
Labber
Labber Posts: 3
First Comment
edited April 2021 in Security

I have a USG210. When running port scans on the WAN side, Port 0 shows as:

"Closed. Your computer has responded that this port exists but is currently closed to connections."

Is there a way to completely block this port, so the IP shows as completely stealth?


Thank you.

Clippies of scan from GRC Shields Up attached...





All Replies

  • PeterUK
    PeterUK Posts: 2,987  Guru Member
    Community MVP First Anniversary 10 Comments Friend Collector
    edited March 2020
    Options

    Are you sure the USG in replying to port 0? can you packet capture the WAN port in USG.

    Your ISP might be replying to port 0

  • Labber
    Labber Posts: 3
    First Comment
    Options

    I think you're right. I just did a port scan on our older USG200, which never had this issue before, and suddenly it does. Must be the ISP. I'll try the packet capture when I get a chance.

  • ZY4EVER
    ZY4EVER Posts: 1
    edited January 2022
    Options
    Sorry to revive, was it an ISP thing or a FW thing?

    I'm also having the same result (PORT 0 shown as Closed/Blue) which I never had before I recently changed ISP. The USG60 does not allow to make rules on PORT 0.


    EDIT: After a little Google research on the PORT 0 subject. I followed the recommendation to add a REJECT ALL rule from WAN sources to WAN_IP and bingo. Port 0 now shown as "stealth".
  • ThatGuy
    ThatGuy Posts: 1
    Options
    Hello All-

    I ran across this issue as well. The actual reason why port 0 is showing this way (closed) with ShieldsUp is because ADP is active on your USG. If you set ADP as "Inactive" under Security Policy/ADP/General Tab, ShieldsUp will report it as stealth. Just unselecting the check box next to "Enable Anomaly Detection and Prevention" will not do the trick, you have to select the policy, change it to inactive and save. That's of course if you would rather stealth port 0 and not have ADP active on your device 😉

  • CHS
    CHS Posts: 181  Master Member
    First Anniversary 10 Comments Friend Collector First Answer
    Options
    In my test result, no matter ADP is Enabled/Disabled/Inactivate rule, all of the results of port 0 are stealth. You may share packet captures by different scanning cases for further check.

Security Highlight