I ran an external scan on pFSense 2.6.0 and it came back with, “TCP port 0 is open on the remote host. This is highly suspicious as this TCP port is reserved and should not be used. This might be a backdoor (REx).”
Additional information
In /etc/inc/filter.inc there are two port 0 lines:
block {$log[‘block’]} quick inet proto { tcp, udp } from any port = 0 to any ridentifier {$increment_tracker()} label “Block traffic from port 0”
block {$log[‘block’]} quick inet proto { tcp, udp } from any to any port = 0 ridentifier {$increment_tracker()} label “Block traffic to port 0”
In an older post these lines were formatted differently (version 2.4.xx?):
block {$log['block']} quick inet proto { tcp, udp } from any port = 0 to any tracker {$increment_tracker($tracker)} label "Block traffic from port 0"
block {$log['block']} quick inet proto { tcp, udp } from any to any port = 0 tracker {$increment_tracker($tracker)} label "Block traffic to port 0"Port 0 is not really used and is blocked.
https://www.reddit.com/r/PFSENSE/comments/fnb0fg/port_0_closed/
That is what I would expect based on the “We use the mighty pf, we cannot be fooled” script but OpenVAS still detects it. Wondering if it is an issue with OpenVAS.