locked
TCP Port 4567 found open; do I need to do anything about this? RRS feed

  • Question

  • An online security scan of my computer (auditmypc.com) found TCP port 4567 open and stated that the virus/ trojan TRAM. listens on this port.  Do I need to be concerned and if so, what do I do about this issue?  I cannot find software using this port in the Advanced Settings page of the firewall configuration page.

     

    Thank you for any guidance on this issue.

     

    Steve

    Sunday, August 10, 2008 5:41 AM

Answers

All replies

  • Are you behind a cable/DSL modem and router? If so, the scan was likely of your modem/router. See here for some information regarding one use of the port:

    http://www.dslreports.com/forum/r20511704-Westell-6100-F90-port-4567

    -steve

     

    Monday, August 11, 2008 3:34 PM
    Moderator
  • Yes, I am using the Verizon modem discussed in the link you had sent and it appears that it is an open port so that Verizon can push out updates as needed (I guess mostly for the CATVs for the TVs... all of these are seen through this modem).  I don't like having an open port like that, but what can I do?  It is inherent in the Verizon setup.  Thank you for the help and answer.  Not being an expert in this area, I never would have thought to check about the Verizon modem as the source of this open port.  Just hope that this port is protected at the Verizon end of things....

    Monday, August 11, 2008 4:36 PM
  • I'm no expert, (and I'm also Steve from NJ, but not 55 yet...<g>) but I did a search for that port to see what it was for. I found the references to the malware, but then found the link about the modem and Verizon. The fact that the port is open means that there is something "listening" on that port *on the modem* to receive the push from Verizon. Your PC is actually never going to see anything from the port since the modem will intercept that traffic. If it were to make it to the PC, the OneCare firewall would block the traffic unless something on your PC was listening for traffic on that port. That's what the malware does - if it makes it to the PC.

    -steve

     

    Monday, August 11, 2008 5:58 PM
    Moderator
  • For some odd reason, it seems that the router under "port forwarding" "firewall settings" has TCP port 4567 active for "gaming, IM and so on" open. It DOES NOT let you disable, so it seems embedded as default. However, you can go to "Firewall Settings" on your router. Select "Advanced Filtering", under "Broadband Connection" select "add" to add the filtering of TCP port 4567. You will see various menu choices. The bottom line is that you want to drop any packets coming to your modem public IP address from any port to TCP port 4567. I did that, scanned again using the www.auditmypc.com trojan scan, and it worked. It should no other ports open when it initially said that TCP port 4567 was open. Hope this helps!

     

    Danny
    Friday, February 6, 2009 9:54 PM
  • @Danny6809,
    Thanks very much for this very useful snippet of information = it really worked on my Westell Ultraline Verizon FiOS router! I was apprehensive about having any open ports (such as 4567) that were not used by defined applications, and this solution of yours solved it well. Kudos!
    Friday, June 5, 2009 4:54 PM