how do I get rid of an open port that Is impersonating AT&T IP address

JenJen Member Posts: 3
First Comment Photogenic
edited March 2020 in Devices & Security

I did an open port scan on my router and when I clicked on the middle one this screen came up saying it was impersonating the IP address. I’m new to this technical stuff and I’m still learning. I did try to go into the original ATT IP address to see if I could somehow get rid of the impersonating open port but I don’t understand enough to know what to do. I did search for quite some time to find a discussion on this before I posted

Any help would be appreciated.


Answers

  • RWildRWild Member Posts: 59
    25 Likes 10 Comments First Anniversary 5 Awesomes
    ✭✭✭
    The message says that the website may be impersonating the IP address.  I don't know the technical details but I get this message everything I access the web interface for one of my VM hosts.  It may have something to do with the fact that, if I am using http (not secure), it complains for that reason alone or because the VM interface is about to switch the connection to https (secure).
    I am a little confused as to exactly what you do to make the message appear but I don't think it's anything to be worried about it this case.
    Jen
  • JenJen Member Posts: 3
    First Comment Photogenic

    RWild,

    Thank you for the reply. 😃

    Would this still be the case if one of the other open ports is the actual IP address for AT&T?

  • RWildRWild Member Posts: 59
    25 Likes 10 Comments First Anniversary 5 Awesomes
    ✭✭✭
    Jen, the ports you are talking about are like addresses for services your computer or device uses to communicate, not the IP address of the computer or gateway using the service associated with the port.  Does that make sense?  Your router can open say port 80 and this allows any device on your network to use the http service that “owns” port 80 to communicate with unsecured websites.  Even if your router opens port 80, your computer could still close it which would keep it from connecting with unsecured websites.

    i am starting to get beyond the point that I think I know what I’m talking about 🤓 to try to relate what I’ve just sad to the warning message you received.  Sorry.  Maybe someone more knowledgeable will jump in and help.
    Jen
  • CrowgrandfatherCrowgrandfather Member, Beta Tester Posts: 69
    5 Answers 25 Likes 10 Comments First Anniversary
    ✭✭✭

    You scanned your router from the inside. Those ports all all normal.


    Port 53 is for DNS. It's what translates something like community.fing.com into an IP address that the computer can understand. If you close port 53 you'll break your internet because your computer won't be able to turn domain names into IPs.


    Port 80 is HTTP. It's basic unencrypted web browsing. This port is open so that you can access your routers admin interface. I don't even think you can close this on your router.


    Port 443 is HTTPS. Encrypted web browsing. This allows you to access the admin interface without allowing someone seeing your username and password by collecting traffic.


    Now about the warning. One additional thing HTTPS added was validation. HTTPS used certificates generated through very complicated math (don't ask me to explain it because I don't really understand it). This math results in the certificate being globally unique. There should never be too different certificates that have the same hash (signature). Now let's talk about the error.


    One of two things happened and neither of them are really bad.


    The first, and most likely, is that your router is using a self signed certificate. Part of that validation process mentioned above is that a third party company known as a Certificate Authority keeps a list of all the certificates they've issued. Your web browser trusts these CAs and so it checks with them to make sure the cert being presented to you is valid. These CAs "sign" the cert. Your router is likely signing the cert itself. Your browser therefore can't trust the cert because it's not being verified by a third party. Because of this your browser gives you a warning saying that someone might be pretending to be that domain because it has a cert but the cert can't be verified.


    Hope that helps

    ScoobyJen
  • ScoobyScooby Member Posts: 169
    25 Answers 100 Comments 25 Awesomes 25 Likes
    ✭✭✭
    I agree with @Crowgrandfather and just covering the last thing that wasn't mentioned. The IP address 192.168.1.254 is not an AT&T IP address. It is a "private" IP address, and is, most likely, the IP address of your router. "Private" IP addresses are used by home routers. They are special, in that they will work on your home network, but are not to be used on the Internet. Your ISP gives your router an IP address that you are able to use on the Internet, via the "public" side of your router. This link explains private IPs better:

    Jen
  • JenJen Member Posts: 3
    First Comment Photogenic

    Thanks all. Appreciate the info.

    Have a great day. 😁

Sign In or Register to comment.