Sign up
 Vonage  

       
 
Vonage Forum Menu

Vonage Forums
Vonage VoIP Forum
mikebrown Posted:
Hello, I think
you should consult
it with the Expert
they can surely
help you
...

In The Forum:
Hard Wiring - Installation
Topic:
Hardwiring in a Rental House
On Jun 24, 2017 at 09:15:34

Haniltery Posted:
For wipe call
history also some
of the offline, in
gengral , it
usually apply to
...

In The Forum:
Vonage
Topic:
How to Delete call history from online account?
On May 09, 2017 at 06:14:26

diana87 Posted:
You have to use
VPN service to
bypass
Geo-restrictions
and get free
access while
...

In The Forum:
Vonage
Topic:
Recent calling problem from Egypt
On May 02, 2017 at 17:28:06

dconnor Posted:
What is the main
number on the
account? And
which one is the
virtual number?
...

In The Forum:
Vonage UK
Topic:
How do you call 999
On Apr 27, 2017 at 18:52:02

Trafford Posted:
Seems like a
simple
question. We
rely exclusively
on a Vonage system
for our
...

In The Forum:
Vonage UK
Topic:
How do you call 999
On Apr 27, 2017 at 10:42:50

diazou Posted:
Hello, It's
compatible with
Android your phone
software
? Thanks!
...

In The Forum:
Vonage
Topic:
IP PBX for small business
On Mar 28, 2017 at 12:42:33

jeddaisg Posted:
Hi all We have
a Vonage VOIP
system for our
office. Lately,
our call quality
...

In The Forum:
Vonage
Topic:
Ethernet Cable; Wiring schematic? 568-B?
On Feb 23, 2017 at 18:33:52

beast321 Posted:
I don't know if
you heard, that
many more
Dreamcast games
are opened up
recently.
...

In The Forum:
Fax - Tivo - Alarms
Topic:
Using phone as a dial up modem for Dreamcast Gaming
On Feb 16, 2017 at 03:16:51

Av8rix Posted:
Sorry to start a
new thread on an
old topic but when
I google “Vonage
MAC address
...

In The Forum:
Vonage
Topic:
New adapter and router -- MAC change
On Jan 11, 2017 at 01:07:21

tplink Posted:
Im trying to add
my HT802 vonage
adapter to my home
network. I
currently have
...

In The Forum:
Hard Wiring - Installation
Topic:
Vonage behind switch
On Dec 05, 2016 at 12:35:11


Vonage VoIP Forums

Vonage In The News
Vonage Expands International Presence with Investments in Asia Pacific Region

Vonage to Present at the Oppenheimer 20th Annual Technology, Internet & Communications Conference

Syndication

Vonage Customer Reviews
Salt Lake City: impressions after several months
Salt Lake City: impressions after several months



Review: My First Day With Vonage, Excellent!
Review: My First Day With Vonage, Excellent!



Great Price, No Complaints
Great Price, No Complaints



You need some common sense.
You need some common sense.



Vonage Customer Review: One month with Vonage, and...
Vonage Customer Review: One month with Vonage, and...




Vonage Reviews


Post new topic   Reply to topic  Vonage® VoIP Forum - Vonage News, Reviews And Discussion » Vonage
Author Message
pianoman
New Forum Member
New Forum Member


Joined: Nov 01, 2008
Posts: 2

PostPosted: Sat Nov 01, 2008 5:29 pm    Post subject: V-Portal - Port 22? Reply with quote Back to top

Hello,

After a series of tests I've concluded that the issue I'm having is with my V-Portal. My probe tests show port 22 closed as opposed to stealth. I thought it may have been my cable modem or my WiFi router, yet it appears to be on the Vonage end.

Does Vonage use port 22 (SSH) for something? Could some tell me how to stealth this port? If this is not possible could someone go over how to block or forward this port to a non working address? I know nothing about the V-Portal.

Thanks
View user's profile Send private message
VonTechMgr
Vonage Forum Evangelist
Vonage Forum Evangelist


Joined: Jan 02, 2008
Posts: 656
Location: NJ

PostPosted: Sat Nov 01, 2008 8:12 pm    Post subject: Reply with quote Back to top

Port 22 is used for secure shell for troubleshooting purposes but is disabled on all Vonage devices by default. Only you as the customer would be able to enable it when working with a Vonage tech.

There is no secuirty risk because the device is not listening on port 22 until you enable it and cannot be accessed until then.
View user's profile Send private message
pianoman
New Forum Member
New Forum Member


Joined: Nov 01, 2008
Posts: 2

PostPosted: Sat Nov 01, 2008 8:43 pm    Post subject: Reply with quote Back to top

Could someone please go over with me the procedure for forwarding Port 22? I did not have anything to do with enabling this port, yet it is enabled. I would like to forward it to a null IP, as trying to figure out how/why it is open seems to be futile.

Thanks.
View user's profile Send private message
VonTechMgr
Vonage Forum Evangelist
Vonage Forum Evangelist


Joined: Jan 02, 2008
Posts: 656
Location: NJ

PostPosted: Sat Nov 01, 2008 9:07 pm    Post subject: Reply with quote Back to top

The port is not enabled. If it were enabled, when sniffing for this port, it would show as Open not Closed. All this tells someone is that a host exists at this IP. If all ports were stealth, then you would be almost invisible to the internet. Having closed ports in in no way a bad thing. The VDV21 by default will also not respond to IMCP so a ping sweep would not reveal you. Only someone who is sniffing for known ports on your IP or subnet would be able to verify your existence.

Open ports are visible and respond to probes. This could be highly dangerous because it will allow hackers to gain access to your system if they really wanted to.

Closed ports are visible but not open. Meaning that the ports are not in use. Applications cannot access to the network if the required ports are closed and therefore will not respond to requests.

Stealth ports are not visible and do not respond to probes.

If you are the paranoid type that insists on all your ports, being stealth, it requires the use of a real firewall. You can purchase a router and place the VDv21 behind it. However, if someone was to sniff your IP for all service ports, the person would still know that a host exists at this IP as your SIP port 1000 would be open making your host visible.

If you want to set up sudo 'Honey Pot" which is port forwarding to a dummy IP, just go to the Advanced Section in the VDV21 interface, then port forwarding and set TCP port 22 to forward to 192.168.15.254 which I am sure nothing on your network is using. A true 'Honey Pot' is forwarding to another machine hosting the service which allows the hacker to play around in a machine that has absolutely nothing on it and no connectivity to the rest of your LAN.

Just remember by doing this, if you ever had to work on an issue with Tech Support which required them to ssh to your device to capture data needed by the device Vendor, you would need to remove the port forwarding.
View user's profile Send private message
Anarchist
New Forum Member
New Forum Member


Joined: Nov 27, 2009
Posts: 1

PostPosted: Fri Nov 27, 2009 6:40 pm    Post subject: V Portal - Port 22 Reply with quote Back to top

OK, you did a good job telling us that port 22 can only be enabled by the used when talking to tech support. Why don't you just say how to make it stealth and get it over with, rather than going on and on about how it's not dangerous? How do you make port 22 stealth? Do you actually know? I've been all through the settings @ v-configure.com and I see nothing out of the ordinary that would indicate that port 22 was at one time made closed as opposed to stealth. Can you tell us interested parties, or not?
View user's profile Send private message
VonTechMgr
Vonage Forum Evangelist
Vonage Forum Evangelist


Joined: Jan 02, 2008
Posts: 656
Location: NJ

PostPosted: Fri Nov 27, 2009 6:47 pm    Post subject: Reply with quote Back to top

If you want it stealthed then you need to put it behind another router or firewall otherwise it will remain a Closed port.. In addition, I would love to know if all the Network so-called geniuses that ask these questions are actually running probes from outside the local network or to the LAN side of the VDV21. I don't believe that port 22 will show up in a port scan from the WAN side unless it is enabled. If you probe from the LAN then yes it will show up as closed port on the private interface.
View user's profile Send private message
ScottZ013
Vonage Forum Associate
Vonage Forum Associate


Joined: Aug 15, 2008
Posts: 11

PostPosted: Fri Nov 27, 2009 9:27 pm    Post subject: Reply with quote Back to top

tchmgr I don't know why you are wasting your time. You answered his question 3 times and he doesn't get it. You were trying to help him and he snapped at you for offering advice. He just wanted to hear what he wanted to hear. Thanks for your help. Its refreshing to hear someone who knows what he is talking about.
View user's profile Send private message
VonTechMgr
Vonage Forum Evangelist
Vonage Forum Evangelist


Joined: Jan 02, 2008
Posts: 656
Location: NJ

PostPosted: Fri Nov 27, 2009 10:01 pm    Post subject: Reply with quote Back to top

Well I did not answer his question in the original post since it was posted by someone else 1 year ago and he reopened it today. It is fine that people are curious and want to better understand why things are the way they are especially those who are security conscious. As long as those who are security conscious are network professional themselves and are not just going off of hear say by someone who believes they are a network professional..

In a case like this, one must first understand that the code base in the VDV21 is linux based which means it uses a form of iptables. Next, one must understand how an iptables firewall works. There are drop and reject statements that can be used. Depending upon which line in the iptables uses drop / reject for each port or service is only known to the chipset developers who wrote the code. Each will provide a different result such as Closed vs Filtered.

Closed Port:
- If you send a SYN to a closed port, it will respond back with a RST.
Open Port:
- If you send a SYN to an open port, you should receive a SYN/ACK.
Filtered Port:
- The packet is simply dropped and you receive no response (not even a RST).

I have personally just run a port scan using NMAP from a linux box against the WAN port of a VDV21 and the only known ports that show up are 8080 tcp as Open because the Web Remote Management is Enabled and 10000 tcp as Closed. If I scan just tcp port 22 it shows as Filtered just as every other port that is not in use. So from what I see since the WAN port shows tcp port 22 as Filtered, this would be Stealth based upon the definition of what Filtered and Closed are.

I then ran another port scan after enabling ssh in the VDV21 and it showed as Open as expected.

After disabling ssh, I ran another scan and sure enough, it now shows up as Closed. So it looks like the ssh service was off by default until I turned it on and the iptables entry filtered the port. After turning on ssh for the first time, it turns the service on and creates an iptables entry to allow connections. After disabling ssh, it then leaves the iptables entry which will allow connections when the service is running so therefore is no longer filters port 22. This is what would cause it to show up as a Closed port since the firewall does allow it but the service is just not listening on this port because it is disabled.

It is possible that a factory reset will set it back to a filtered state if it believes the ssh service was never enabled. However, since I am remotely accessing the VDV21 right now, I cannot test this out otherwise I will lose the ability to log back into the web interface to test other things.
View user's profile Send private message
StaticIP
New Forum Member
New Forum Member


Joined: Mar 30, 2011
Posts: 1

PostPosted: Wed Mar 30, 2011 10:33 pm    Post subject: Reply with quote Back to top

VonTechMgr wrote:
Well I did not answer his question in the original post since it was posted by someone else 1 year ago and he reopened it today. It is fine that people are curious and want to better understand why things are the way they are especially those who are security conscious. As long as those who are security conscious are network professional themselves and are not just going off of hear say by someone who believes they are a network professional..

In a case like this, one must first understand that the code base in the VDV21 is linux based which means it uses a form of iptables. Next, one must understand how an iptables firewall works. There are drop and reject statements that can be used. Depending upon which line in the iptables uses drop / reject for each port or service is only known to the chipset developers who wrote the code. Each will provide a different result such as Closed vs Filtered.

Closed Port:
- If you send a SYN to a closed port, it will respond back with a RST.
Open Port:
- If you send a SYN to an open port, you should receive a SYN/ACK.
Filtered Port:
- The packet is simply dropped and you receive no response (not even a RST).

I have personally just run a port scan using NMAP from a linux box against the WAN port of a VDV21 and the only known ports that show up are 8080 tcp as Open because the Web Remote Management is Enabled and 10000 tcp as Closed. If I scan just tcp port 22 it shows as Filtered just as every other port that is not in use. So from what I see since the WAN port shows tcp port 22 as Filtered, this would be Stealth based upon the definition of what Filtered and Closed are.

I then ran another port scan after enabling ssh in the VDV21 and it showed as Open as expected.

After disabling ssh, I ran another scan and sure enough, it now shows up as Closed. So it looks like the ssh service was off by default until I turned it on and the iptables entry filtered the port. After turning on ssh for the first time, it turns the service on and creates an iptables entry to allow connections. After disabling ssh, it then leaves the iptables entry which will allow connections when the service is running so therefore is no longer filters port 22. This is what would cause it to show up as a Closed port since the firewall does allow it but the service is just not listening on this port because it is disabled.

It is possible that a factory reset will set it back to a filtered state if it believes the ssh service was never enabled. However, since I am remotely accessing the VDV21 right now, I cannot test this out otherwise I will lose the ability to log back into the web interface to test other things.



Confused I have been using a VDV21 for over a year, and recently moved to North Carolina where I was unable to get more than 1 Static IP. Therefore I set my DSL modem in Bridging Mode, and used the VDV21 behind it to take care of NAT to the house systems, and DMZ for my webserver.

All was working fine, and I configured the Port Filtering to protect all of the systems by eliminating other than needed ports below 1000. I use Putty to communicate with my server when I am away from it, and even open port 22 when needed to allow others with webpages on my server to update their content. They phone me... I open the port, and when finished they call and I close it.

All was ok until about 60 days ago. Port 22 stayed open, and would not respond to commands.

Vonage's answer was to update the firmware... and did so with no positive results. Next I ordered a replacement VDV21, and they reluctantly replaced my 20 month old unit. But to no avail... the replacement functioned identically to the old unit.

My server responds to internal addressing on port 21, and does the cirtificate thing, and works fine, but using the public address it fails to operate even when port 22 shows open. I opened it using "Network Options" instead of the port filtering option.

Woe is me... anyone have any suggestions as to what the heck is happening?
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


All times are GMT - 5 Hours

Vonage Service Plans


Vonage VoIP Members
Members List Members
New patsykf3
New Today 0
Yesterday 0
Total 101029

Who Is On Site
Visitors 1
Members 1
Total 2


Vonage VoIP Forum Members:
Login Here
Not a Member? You can Register Here
As a registered member you will have access to the VoIP Speed Test, Vonage Service Announcements and post comments in the
Vonage VoIP Forums

Vonage Stock Price
Value:
Change:   
Up to 15 Minute Delay

Site Search
 






†AK and HI residents pay $29.95 shipping. ††Limited time offer. Valid for residents of the United States (&DC), 18 years or older, who open new accounts. Offer good while supplies last and only on new account activations. One kit per account/household. Offer cannot be combined with any other discounts, promotions or plans and is not applicable to past purchases. Good while supplies last. Allow up to 2 weeks for shipping. Other restrictions may apply.

1Unlimited calling and other services for all residential plans are based on normal residential, personal, non-commercial use. A combination of factors is used to determine abnormal use, including but not limited to: the number of unique numbers called, calls forwarded, minutes used and other factors. Subject to our Reasonable Use Policy and Terms of Service.

2Shipping and activation fees waived with 1-year agreement. An Early Termination Fee (with periodic pro-rated reductions) applies if service is terminated before the end of the first 12 months. Additional restrictions may apply. See Terms of Service for details.

HIGH SPEED INTERNET REQUIRED. †VALID FOR NEW LINES ONLY. RATES EXCLUDE INTERNET SERVICE, SURCHARGES, FEES AND TAXES. DEVICE MAY BE REFURBISHED. If you subscribe to plans with monthly minutes allotments, all call minutes placed from both from your home and registered ExtensionsTM phones will count toward your monthly minutes allotment. ExtensionsTM calls made from mobiles use airtime and may incur surcharges, depending on your mobile plan. Alarms, TTY and other systems may not be compatible. Vonage 911 service operates differently than traditional 911. See www.vonage.com/911 for details.

** Certain call types excluded.

www.vonage-forum.com is not an official Vonage support website & is independently operated.
All logos and trademarks are property of their respective owners. All comments are property of their posters.
All other www.vonage-forum.com content is © Copyright 2002 - 2013 by 4Sight Media LLC.

Thinking of signing up for Vonage but have questions?
Business and Residential customers can call Toll Free 24 hours a day at: 1-888-692-8074
No Vonage Promotion Code or Coupon Codes are required at www.vonage.com to receive any special,
best Vonage cheap deals, free sign up offers or discounts.

[ | | | | | ]

Vonage Forum Site Maps

Vonage | VoIP Forum | How VoIP Works | Wiring and Installation Page Two | International Rate Plans 2 | Internet Phone
Promotion | Vonage Review | VoIP | Broadband Phone | Free Month | Rebate | Vonnage | Vontage | VoIP | Phone Service
Phone | llamadas ilimitadas a Mexico | Latest News | VoIP Acronyms | Deal | Philippines Globe Phone | Site Maps

The Vonage Forum provides the Vonage sign up Best Offer Promotion Deal.
If you are considering signing up for Vonage and have found our Vonage News, Customer Reviews, Forums
& all other parts of this site useful, please use our Vonage Sign up page.


Vonage VoIP Phone Service is redefining communications by offering consumers
& small business VoIP Internet phones, an affordable alternative to traditional phone service.
The Vonage VoIP Forum Generated This Page In: 2.49 Seconds and Pages In The Last 60 Seconds
The Vonage VoIP Forum