port listening and home router security
I have a Dishtv receiver with sling adapter. The receiver is connected to my router.
The router is a netgear DD-WRT flashed router.
I was told be a dishtv rep that the router use port 80, 443 and 5678 and recommended that I keep UPnP enabled. I wasn't told it was udp or tcp.
I haven't set UPnP to enabled on my router yet, when I login into dish portal dishanywhere.com, I can see that my receiver is active (green status).
When I use one of those online portscanner and scan to see if my router to listening on these ports, I get a negative response.
How does dishanywhere know that my receiver is active?
Is the receiver sending data packets to dishanywhere server saying that it is alive?
I can control my DVR from dishanywhere i.e. change channels, set recordings, reboot the receiver. Does this means that the dishanywhere.com site is sending packets to the DVR on some port?
If yes, How do I find out the port number?
I want to know if there would be any network security issues?
networking firewall home-networking port-forwarding internet-security
asked May 22 '13 at 21:19
bcdbcd
61
add a comment |
I have a Dishtv receiver with sling adapter. The receiver is connected to my router.
The router is a netgear DD-WRT flashed router.
I was told be a dishtv rep that the router use port 80, 443 and 5678 and recommended that I keep UPnP enabled. I wasn't told it was udp or tcp.
I haven't set UPnP to enabled on my router yet, when I login into dish portal dishanywhere.com, I can see that my receiver is active (green status).
When I use one of those online portscanner and scan to see if my router to listening on these ports, I get a negative response.
How does dishanywhere know that my receiver is active?
Is the receiver sending data packets to dishanywhere server saying that it is alive?
I can control my DVR from dishanywhere i.e. change channels, set recordings, reboot the receiver. Does this means that the dishanywhere.com site is sending packets to the DVR on some port?
If yes, How do I find out the port number?
I want to know if there would be any network security issues?
networking firewall home-networking port-forwarding internet-security
asked May 22 '13 at 21:19
bcdbcd
61
add a comment |
I have a Dishtv receiver with sling adapter. The receiver is connected to my router.
The router is a netgear DD-WRT flashed router.
I was told be a dishtv rep that the router use port 80, 443 and 5678 and recommended that I keep UPnP enabled. I wasn't told it was udp or tcp.
I haven't set UPnP to enabled on my router yet, when I login into dish portal dishanywhere.com, I can see that my receiver is active (green status).
When I use one of those online portscanner and scan to see if my router to listening on these ports, I get a negative response.
How does dishanywhere know that my receiver is active?
Is the receiver sending data packets to dishanywhere server saying that it is alive?
I can control my DVR from dishanywhere i.e. change channels, set recordings, reboot the receiver. Does this means that the dishanywhere.com site is sending packets to the DVR on some port?
If yes, How do I find out the port number?
I want to know if there would be any network security issues?
networking firewall home-networking port-forwarding internet-security
asked May 22 '13 at 21:19
bcdbcd
61
I have a Dishtv receiver with sling adapter. The receiver is connected to my router.
The router is a netgear DD-WRT flashed router.
I was told be a dishtv rep that the router use port 80, 443 and 5678 and recommended that I keep UPnP enabled. I wasn't told it was udp or tcp.
I haven't set UPnP to enabled on my router yet, when I login into dish portal dishanywhere.com, I can see that my receiver is active (green status).
When I use one of those online portscanner and scan to see if my router to listening on these ports, I get a negative response.
How does dishanywhere know that my receiver is active?
Is the receiver sending data packets to dishanywhere server saying that it is alive?
I can control my DVR from dishanywhere i.e. change channels, set recordings, reboot the receiver. Does this means that the dishanywhere.com site is sending packets to the DVR on some port?
If yes, How do I find out the port number?
I want to know if there would be any network security issues?
networking firewall home-networking port-forwarding internet-security
networking firewall home-networking port-forwarding internet-security
asked May 22 '13 at 21:19
bcdbcd
61
asked May 22 '13 at 21:19
bcdbcd
61
asked May 22 '13 at 21:19
bcdbcd
61
asked May 22 '13 at 21:19
bcdbcd
61
asked May 22 '13 at 21:19
bcdbcd
61
61
add a comment |
add a comment |
3 Answers
3
active
oldest
votes
UPnP is used to dynamically map exterior ports to interior ports on the go. This is used for NAT from your internal network to the exterior one. It is not really a security risk in itself since the port mappings are only really created when the device from the local network initiates the connection.
It is most important when you have multiple devices attempting to access the same resources on the same port. UPnP handles this type of situation.
What dishtv is recommending is that to ensure you don't have any connectivity issues that might arise from your current set up. Your router is smart enough to open up ports for your receiver when it connects out.
If you're really curious about which ports traffic is travelling on then you can hook up some intermediary device between your receiver and dish to monitor the traffic. You can do this with a hub and a PC running Wireshark. That will show you all the back and forth packets.
answered May 22 '13 at 21:41
Will.BeningerWill.Beninger
1,354724
add a comment |
Q1): Yes, Q2): UDP port 1900 Q3): Yes. Buy yourself a second NAT router and place your sling adapter on a DMZ.
answered May 22 '13 at 21:44
packetspackets
633511
hmm.. UPnP is disabled on my router.. yet the receiver to dishanywhere works.
– bcd
May 22 '13 at 22:06
add a comment |
Here is some port info for dish hopper with sling:
Extended IP access list Dishnet-in
10 permit icmp any any (2712 matches)
20 permit udp any any eq domain (227 matches)
50 permit udp any eq bootpc any (62 matches)
140 permit udp any any eq 5351 (90 matches)
160 permit udp any any eq 10102 (39700 matches)
220 permit tcp any any eq www (452 matches)
240 permit tcp any any eq 443 (851 matches)
260 permit tcp any any eq 8443 (332 matches)
280 permit tcp any any eq 8450 (5020 matches)
300 permit tcp any any range 1 1023 log (6 matches)
310 permit tcp any any eq 3074 (424 matches)
330 permit tcp any any eq 3490 (169 matches)
350 permit tcp any any range 1024 65535 log (1 match)
Extended IP access list Dishnet-out
10 permit icmp any any log (15 matches)
30 permit udp any eq domain any (227 matches)
230 permit tcp any eq www any (347 matches)
250 permit tcp any eq 443 any (905 matches)
270 permit tcp any eq 8443 any (179 matches)
290 permit tcp any eq 8450 any (2695 matches)
330 permit tcp any eq 3074 any (419 matches)
350 permit tcp any eq 3490 any (168 matches)
edited Jan 17 at 16:27
Glorfindel
1,42241220
answered Jan 17 at 15:00
mikemike
1
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f598782%2fport-listening-and-home-router-security%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
3 Answers
3
active
oldest
votes
3 Answers
3
active
oldest
votes
active
oldest
votes
active
oldest
votes
UPnP is used to dynamically map exterior ports to interior ports on the go. This is used for NAT from your internal network to the exterior one. It is not really a security risk in itself since the port mappings are only really created when the device from the local network initiates the connection.
It is most important when you have multiple devices attempting to access the same resources on the same port. UPnP handles this type of situation.
What dishtv is recommending is that to ensure you don't have any connectivity issues that might arise from your current set up. Your router is smart enough to open up ports for your receiver when it connects out.
If you're really curious about which ports traffic is travelling on then you can hook up some intermediary device between your receiver and dish to monitor the traffic. You can do this with a hub and a PC running Wireshark. That will show you all the back and forth packets.
answered May 22 '13 at 21:41
Will.BeningerWill.Beninger
1,354724
add a comment |
UPnP is used to dynamically map exterior ports to interior ports on the go. This is used for NAT from your internal network to the exterior one. It is not really a security risk in itself since the port mappings are only really created when the device from the local network initiates the connection.
It is most important when you have multiple devices attempting to access the same resources on the same port. UPnP handles this type of situation.
What dishtv is recommending is that to ensure you don't have any connectivity issues that might arise from your current set up. Your router is smart enough to open up ports for your receiver when it connects out.
If you're really curious about which ports traffic is travelling on then you can hook up some intermediary device between your receiver and dish to monitor the traffic. You can do this with a hub and a PC running Wireshark. That will show you all the back and forth packets.
answered May 22 '13 at 21:41
Will.BeningerWill.Beninger
1,354724
add a comment |
UPnP is used to dynamically map exterior ports to interior ports on the go. This is used for NAT from your internal network to the exterior one. It is not really a security risk in itself since the port mappings are only really created when the device from the local network initiates the connection.
It is most important when you have multiple devices attempting to access the same resources on the same port. UPnP handles this type of situation.
What dishtv is recommending is that to ensure you don't have any connectivity issues that might arise from your current set up. Your router is smart enough to open up ports for your receiver when it connects out.
If you're really curious about which ports traffic is travelling on then you can hook up some intermediary device between your receiver and dish to monitor the traffic. You can do this with a hub and a PC running Wireshark. That will show you all the back and forth packets.
answered May 22 '13 at 21:41
Will.BeningerWill.Beninger
1,354724
UPnP is used to dynamically map exterior ports to interior ports on the go. This is used for NAT from your internal network to the exterior one. It is not really a security risk in itself since the port mappings are only really created when the device from the local network initiates the connection.
It is most important when you have multiple devices attempting to access the same resources on the same port. UPnP handles this type of situation.
What dishtv is recommending is that to ensure you don't have any connectivity issues that might arise from your current set up. Your router is smart enough to open up ports for your receiver when it connects out.
If you're really curious about which ports traffic is travelling on then you can hook up some intermediary device between your receiver and dish to monitor the traffic. You can do this with a hub and a PC running Wireshark. That will show you all the back and forth packets.
answered May 22 '13 at 21:41
Will.BeningerWill.Beninger
1,354724
answered May 22 '13 at 21:41
Will.BeningerWill.Beninger
1,354724
answered May 22 '13 at 21:41
Will.BeningerWill.Beninger
1,354724
answered May 22 '13 at 21:41
Will.BeningerWill.Beninger
1,354724
1,354724
add a comment |
add a comment |
Q1): Yes, Q2): UDP port 1900 Q3): Yes. Buy yourself a second NAT router and place your sling adapter on a DMZ.
answered May 22 '13 at 21:44
packetspackets
633511
hmm.. UPnP is disabled on my router.. yet the receiver to dishanywhere works.
– bcd
May 22 '13 at 22:06
add a comment |
Q1): Yes, Q2): UDP port 1900 Q3): Yes. Buy yourself a second NAT router and place your sling adapter on a DMZ.
answered May 22 '13 at 21:44
packetspackets
633511
hmm.. UPnP is disabled on my router.. yet the receiver to dishanywhere works.
– bcd
May 22 '13 at 22:06
add a comment |
Q1): Yes, Q2): UDP port 1900 Q3): Yes. Buy yourself a second NAT router and place your sling adapter on a DMZ.
answered May 22 '13 at 21:44
packetspackets
633511
Q1): Yes, Q2): UDP port 1900 Q3): Yes. Buy yourself a second NAT router and place your sling adapter on a DMZ.
answered May 22 '13 at 21:44
packetspackets
633511
answered May 22 '13 at 21:44
packetspackets
633511
answered May 22 '13 at 21:44
packetspackets
633511
answered May 22 '13 at 21:44
packetspackets
633511
633511
hmm.. UPnP is disabled on my router.. yet the receiver to dishanywhere works.
– bcd
May 22 '13 at 22:06
add a comment |
hmm.. UPnP is disabled on my router.. yet the receiver to dishanywhere works.
– bcd
May 22 '13 at 22:06
hmm.. UPnP is disabled on my router.. yet the receiver to dishanywhere works.
– bcd
May 22 '13 at 22:06
hmm.. UPnP is disabled on my router.. yet the receiver to dishanywhere works.
– bcd
May 22 '13 at 22:06
add a comment |
Here is some port info for dish hopper with sling:
Extended IP access list Dishnet-in
10 permit icmp any any (2712 matches)
20 permit udp any any eq domain (227 matches)
50 permit udp any eq bootpc any (62 matches)
140 permit udp any any eq 5351 (90 matches)
160 permit udp any any eq 10102 (39700 matches)
220 permit tcp any any eq www (452 matches)
240 permit tcp any any eq 443 (851 matches)
260 permit tcp any any eq 8443 (332 matches)
280 permit tcp any any eq 8450 (5020 matches)
300 permit tcp any any range 1 1023 log (6 matches)
310 permit tcp any any eq 3074 (424 matches)
330 permit tcp any any eq 3490 (169 matches)
350 permit tcp any any range 1024 65535 log (1 match)
Extended IP access list Dishnet-out
10 permit icmp any any log (15 matches)
30 permit udp any eq domain any (227 matches)
230 permit tcp any eq www any (347 matches)
250 permit tcp any eq 443 any (905 matches)
270 permit tcp any eq 8443 any (179 matches)
290 permit tcp any eq 8450 any (2695 matches)
330 permit tcp any eq 3074 any (419 matches)
350 permit tcp any eq 3490 any (168 matches)
edited Jan 17 at 16:27
Glorfindel
1,42241220
answered Jan 17 at 15:00
mikemike
1
add a comment |
Here is some port info for dish hopper with sling:
Extended IP access list Dishnet-in
10 permit icmp any any (2712 matches)
20 permit udp any any eq domain (227 matches)
50 permit udp any eq bootpc any (62 matches)
140 permit udp any any eq 5351 (90 matches)
160 permit udp any any eq 10102 (39700 matches)
220 permit tcp any any eq www (452 matches)
240 permit tcp any any eq 443 (851 matches)
260 permit tcp any any eq 8443 (332 matches)
280 permit tcp any any eq 8450 (5020 matches)
300 permit tcp any any range 1 1023 log (6 matches)
310 permit tcp any any eq 3074 (424 matches)
330 permit tcp any any eq 3490 (169 matches)
350 permit tcp any any range 1024 65535 log (1 match)
Extended IP access list Dishnet-out
10 permit icmp any any log (15 matches)
30 permit udp any eq domain any (227 matches)
230 permit tcp any eq www any (347 matches)
250 permit tcp any eq 443 any (905 matches)
270 permit tcp any eq 8443 any (179 matches)
290 permit tcp any eq 8450 any (2695 matches)
330 permit tcp any eq 3074 any (419 matches)
350 permit tcp any eq 3490 any (168 matches)
edited Jan 17 at 16:27
Glorfindel
1,42241220
answered Jan 17 at 15:00
mikemike
1
add a comment |
Here is some port info for dish hopper with sling:
Extended IP access list Dishnet-in
10 permit icmp any any (2712 matches)
20 permit udp any any eq domain (227 matches)
50 permit udp any eq bootpc any (62 matches)
140 permit udp any any eq 5351 (90 matches)
160 permit udp any any eq 10102 (39700 matches)
220 permit tcp any any eq www (452 matches)
240 permit tcp any any eq 443 (851 matches)
260 permit tcp any any eq 8443 (332 matches)
280 permit tcp any any eq 8450 (5020 matches)
300 permit tcp any any range 1 1023 log (6 matches)
310 permit tcp any any eq 3074 (424 matches)
330 permit tcp any any eq 3490 (169 matches)
350 permit tcp any any range 1024 65535 log (1 match)
Extended IP access list Dishnet-out
10 permit icmp any any log (15 matches)
30 permit udp any eq domain any (227 matches)
230 permit tcp any eq www any (347 matches)
250 permit tcp any eq 443 any (905 matches)
270 permit tcp any eq 8443 any (179 matches)
290 permit tcp any eq 8450 any (2695 matches)
330 permit tcp any eq 3074 any (419 matches)
350 permit tcp any eq 3490 any (168 matches)
edited Jan 17 at 16:27
Glorfindel
1,42241220
answered Jan 17 at 15:00
mikemike
1
Here is some port info for dish hopper with sling:
Extended IP access list Dishnet-in
10 permit icmp any any (2712 matches)
20 permit udp any any eq domain (227 matches)
50 permit udp any eq bootpc any (62 matches)
140 permit udp any any eq 5351 (90 matches)
160 permit udp any any eq 10102 (39700 matches)
220 permit tcp any any eq www (452 matches)
240 permit tcp any any eq 443 (851 matches)
260 permit tcp any any eq 8443 (332 matches)
280 permit tcp any any eq 8450 (5020 matches)
300 permit tcp any any range 1 1023 log (6 matches)
310 permit tcp any any eq 3074 (424 matches)
330 permit tcp any any eq 3490 (169 matches)
350 permit tcp any any range 1024 65535 log (1 match)
Extended IP access list Dishnet-out
10 permit icmp any any log (15 matches)
30 permit udp any eq domain any (227 matches)
230 permit tcp any eq www any (347 matches)
250 permit tcp any eq 443 any (905 matches)
270 permit tcp any eq 8443 any (179 matches)
290 permit tcp any eq 8450 any (2695 matches)
330 permit tcp any eq 3074 any (419 matches)
350 permit tcp any eq 3490 any (168 matches)
edited Jan 17 at 16:27
Glorfindel
1,42241220
answered Jan 17 at 15:00
mikemike
1
edited Jan 17 at 16:27
Glorfindel
1,42241220
edited Jan 17 at 16:27
Glorfindel
1,42241220
edited Jan 17 at 16:27
Glorfindel
1,42241220
1,42241220
answered Jan 17 at 15:00
mikemike
1
answered Jan 17 at 15:00
mikemike
1
answered Jan 17 at 15:00
mikemike
1
1
add a comment |
add a comment |
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f598782%2fport-listening-and-home-router-security%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
