Bell Hub 2000 Idiosyncrasy

It has come to my attention that there is an idiosyncrasy in the way my ISP's modem/router works (the new modem I was just given), which can lead other Bell customers to confusion.

In its port-forwarding rules, we can select whether we would like to forward a TCP port, a UDP port, or Both. People may habitually choose Both, perhaps because they do not remember which protocol they are using, only which port number the service listens on.

If the LAN computer is only listening on the corresponding UDP port, and we have told this router to forward Both, then an external port scan will tell us that both ports are closed. This is because the corresponding TCP port on the LAN machine is closed, and because UDP ports generally do not have to report back when they receive packets. UDP is stateless.

Thus, if some people have naively set up an OpenVPN server to listen on the UDP port, but have told the router to forward Both port types, and they then try to connect, the failure of the server to respond could have several reasons. If those users then ask an external port scanner for the status of the WAN port, the scanner will tell them that the port is closed. The users may jump to the conclusion that they are being blocked on the ISP's side, because obviously the dedicated port-scanning site would not be blocking them, when its purpose is to test whether their WAN port is in fact listening.
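The behaviour described above can be reproduced on loopback. The following is an added example, not code from the original post; the function names and the silent UDP listener standing in for a UDP-only server are assumptions.

```python
import socket

def tcp_state(host, port, timeout=0.5):
    """Classify a TCP port the way a connect-style check does."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except ConnectionRefusedError:
            return "closed"          # RST received: nothing listens on TCP
        except OSError:
            return "filtered"        # timeout or unreachable: no answer at all

def udp_state(host, port, timeout=0.5):
    """Classify a UDP port; silence is ambiguous because UDP need not reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))      # lets the OS hand ICMP errors back to us
        try:
            s.send(b"probe")
            s.recv(1024)
            return "open"            # the service answered
        except ConnectionRefusedError:
            return "closed"          # ICMP port unreachable came back
        except socket.timeout:
            return "open|filtered"   # no reply: listening or dropped, unknown

def demo():
    """Constructed setup: a UDP-only listener that never replies to probes."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as server:
        server.bind(("127.0.0.1", 0))          # OS picks a free UDP port
        port = server.getsockname()[1]
        return {"tcp": tcp_state("127.0.0.1", port),
                "udp": udp_state("127.0.0.1", port)}

if __name__ == "__main__":
    print(demo())
```

With the UDP listener running, the TCP check on the same port number reports "closed" and the UDP check can only report "open|filtered", which is why a TCP-oriented scan result says nothing about whether the UDP service is reachable.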
