32764 is not just a zip code in Florida.

Posted: January 11, 2014 in Security
Tags: , , , , , , , , ,

You could have an open backdoor to your router and your system.

Chuck Talking Tech / by Chuck Bienenfeld
January 11, 2013

One of the podcasts I find most valuable is Steve Gibson’s “Security Now” on the TWIT network.  This week Steve covered a well know hacker’s posting which exposed a port vulnerability on several popular router.

The port range on routers is between 0 and 65536. The hacker’s post noted that he had discovered that his Linksys WAG200G wireless DSL gateway was, for no reason he knew, listening and accepting TCP connections on port 32764. There’s was no purpose for it, no reason for it. He then discovered that this was also true of Linksys, Netgear, Cisco, and other routers.

Steve reports that this is important because at first he thought it was LAN only. But it turns out it is not LAN only. There are at least five known routers who have this port exposed on the WAN interface of the router, meaning the public Internet: the Cisco WAP4410N-E, with a bunch of firmware models, 2 point something something somethings; the Linksys WAG120N; the Netgear DG834B; and the Netgear DGN2000, with a bunch of firmware models; and, finally, the OpenWAG200. There are many more routers that are exposing this mysterious port on the LAN side.

On the bright side, Steve’s website, http://www.grc.com, offers many wonderful security and other tools.  One of these tools is ShieldsUP!.  ShieldsUP! was written for this exact reason and best of all it’s free.  ShieldsUP! can probe the ports on your router and reports any vulnerabilities.  You also configure it to scan an individual port, as in the instance.

To run a scan of this specific router port, open you browser and enter the following URL.


ShieldsUP! will report back the I.P. address of your router and the status of the port probe.  For a router with port 32764 not publicly exposed the scan status will be green and stealth or closed.  If this or any port is identified as publicly exposed what can you do?

If you do have a port open, exposed, and in ShieldsUP! the port probe will say open if it is, the suggested workaround is to manually put in a firewall rule to block that port.  After adding the firewall rule then retesting will assure you that the firewall rule is working and the port vulnerability has been addressed.

For a more complete list of compromised browsers navigate to the GitHub posting: https://github.com/elvanderb/TCP-32764 Google 32764.  At this point the experts do not know why this port has been left vulnerable on so many different router built by so many different companies.  Please follow chucktalkingtech.com for updates as they occur.

  1. Concepcion says:

    Attractive element of content. I simply stumbled upon your site and in accession capital to assert that I get in fact loved account your blog posts.
    Any way I’ll be subscribing to your augment and even I success you get right of entry to persistently rapidly.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s