Hi, thanks for the support package.
In the logs, I see that Avast's scanning backend successfully connected to the port 7547 on your Internet-facing IPv4 address. It received an actual response:
"data" : "",
"headers" :
[
"Server: gSOAP/2.7",
"Content-Length: 0",
"Connection: close"
],
"port" : 7547
This is not a good sign, because attackers may try to exploit some vulnerability in the software running on the port. Avast's backend doesn't try any exploit, it just checks if the service on the port communicates, which it does.
My router is provided by my ISP and they claim that the port is secured in code and there is no proof it was ever used in a successful attack and for 'operational reasons' they keep it open.
They might be right that it's actually secured in code. The question is how much do you trust your ISP. If they have bug in their code, it might not be as secure as they think. It would be better if they didn't take the risk and filtered the port from public Internet access on their firewall. Avast reports this issue because it's a
potential vulnerability.
... but I have never received this warning from Avast before last Tuesday. My ISP claim the port was always open so they have no idea why Avast report it to be a security threat now and not before.
This is because we had a bug in our Mac implementation, which caused the outside scan not working. It was fixed in a recent update (Avast 14.10 ddd643fc9a1d).
This is remind me of when I tried to scan the port locally, it was returned 'connection refused' or did not respond. So guess I was getting the same result locally and maybe the 1. test in ShieldsUp failed simply because the port responded 'connection refused'? it is not too bad is it? I mean when you scan the network port 7547 does not show up and even if you scan port 7547 specifically it is refuse any connection and do not respond.
The port seems to be closed to your internal network, it's accessible only from ouside. That's why you see "connection refused" when scanning it locally.
So despite the fact, it is open to the internet, does it mean it is secure as my ISP claim it to be?
It may be or it may not. The basic security rule is to make the attack surface as small as possible. This open port is part of the potential attack surface.
A randomly googled article regarding this port:
https://www.ispreview.co.uk/index.php/2020/11/isp-virgin-media-uk-closes-port-7547-after-leaving-it-open.html