Port 4567 Open (Bullguard IoT Scanner)

Chris-G · June 26, 2017, 11:56am

I am running Pi-hole for both DHCP and DNS. DHCP is switched off on my TP-Link Archer C9 router. Everything seems to work OK, however!

When running Bullguards IoT scanner at http://iotscanner.bullguard.com/, the results show that my network is accessible via the internet on port 4567 and am therefore vulnerable to attacks. If I switch back to my original configuration by removing Pi-hole and switching DHCP back ON on my router, then running Bullguards IoT scanner shows my network to be safe!

Being open to attack is obviously not desirable. Is this a Pi-hole problem or a Router (firewall) problem?

Debug Token:

3lvghd2z8b

DanSchaper · June 26, 2017, 11:57am

We don't have any processes running on port 4567. We run DNS on port 53 and lighttpd on port 80.

DanSchaper · June 26, 2017, 11:59am

Do you have VerizonFIOS?

deathbybandaid · June 26, 2017, 12:00pm

Any forwarded ports, would be on your router, not the Pi-hole.

However, just to rule it out, if you are familiar with iptables, you can create a basic firewall that blocks port 4567.

Chris-G · June 26, 2017, 12:01pm

I don't even know what VerizonFIOS is. I'm in the UK by the way!

DanSchaper · June 26, 2017, 12:02pm

I would not be related to Pi-hole, that's just not a port that we access.

Chris-G · June 26, 2017, 12:03pm

What I don't understand is that without Pi-hole there is no problem!

DanSchaper · June 26, 2017, 12:06pm

If the scanner is a web-based scanner, then it's probing your router and unless you have a DMZ that you've placed the Raspberry Pi in and are forwarding ports via your router or have the Raspberry Pi exposed to the internet, I don't know why you are getting a hit on that port. We can't access your router to change or open ports.

deathbybandaid · June 26, 2017, 12:06pm

What are you running Pi-hole on?

I'm assuming a raspberry pi. If so, is it a clean copy of raspbian with nothing else running alongside it?

Chris-G · June 26, 2017, 12:09pm

It's absolutely clean, i.e. Pi-hole is the only thing running. Jessie and Pi-hole are all up to date.

I know this seems daft, but can someone try the test to see if it can be replicated!

deathbybandaid · June 26, 2017, 12:10pm

I have 5 ports open, and it identified them correctly, but I don't have a port 4567 available.

DanSchaper · June 26, 2017, 12:11pm

I have run that same test and it's only seeing my router, it can't get past that.

Chris-G · June 26, 2017, 12:17pm

OK. I think I need to detach everything from my network to see what device (if any) is opening the port and try to determine what device is opening the port. This could take a while...

Chris-G · June 26, 2017, 3:29pm

OK.
After reducing my network to Router, PC and Pi-hole, and various re-boots, I have come to the conclusion that there is a problem with the routers firmware. Even without Pi-hole I am now getting errors with a different port (7574) which I believe is a port normally used by ISP provided routers for remote configuration etc. Very strange as the router isn't an ISP supplied router!!! I guess the problem is something not being initialised properly and has shown itself due to reboot/re-powering the router.
Thanks for your help.

DL6ER · June 27, 2017, 7:42am

Or the online scanner is buggy...

Chris-G · June 27, 2017, 11:24am

You could be right. Testing the ports that have shown errors using other on-line port testers show the ports to be closed, unless the bullguard (Shodan) one is more aggressive.