Some ports are unintentional accessible from the Internet

Hi all,

my ISP notified me about a security issue concerning the port 1900/udp. I decided to scan the WAN-side of the Router (http://www.heise.de/security/dienste/Netzwerkcheck-2114.html). The scan reported three open ports: 80 (Webserver), 515 (Printerserver) and UPnP-Service. I was a little bit surprised because I disabled accessing the admin console from the outside. Does anybody know why port 80 is open although the configuration says it must be closed?

How can I stop accessing the aforementioned ports from the Internet?

I am using RT-AC87U, Firmware 3.0.0.4.378_5134.

on a router without configurability im not sure if you can. You might want to try merlins firmware as it has more options in disabling services in the admin section. You can also use port forwarding to a non existant IP as well to protect those ports but you may want to becareful with that because you only want to port forward traffic from outside.

Oberhallodri said:

Hi all,

my ISP notified me about a security issue concerning the port 1900/udp. I decided to scan the WAN-side of the Router (http://www.heise.de/security/dienste/Netzwerkcheck-2114.html). The scan reported three open ports: 80 (Webserver), 515 (Printerserver) and UPnP-Service. I was a little bit surprised because I disabled accessing the admin console from the outside. Does anybody know why port 80 is open although the configuration says it must be closed?

How can I stop accessing the aforementioned ports from the Internet?

I am using RT-AC87U, Firmware 3.0.0.4.378_5134.

Click to expand...

Did you try Defaulting the Settings?

Maybe the router is already compromised?

Oberhallodri said:

Hi all,

my ISP notified me about a security issue concerning the port 1900/udp. I decided to scan the WAN-side of the Router (http://www.heise.de/security/dienste/Netzwerkcheck-2114.html). The scan reported three open ports: 80 (Webserver), 515 (Printerserver) and UPnP-Service. I was a little bit surprised because I disabled accessing the admin console from the outside. Does anybody know why port 80 is open although the configuration says it must be closed?

How can I stop accessing the aforementioned ports from the Internet?

I am using RT-AC87U, Firmware 3.0.0.4.378_5134.

Click to expand...

Well, that's a bit of a surprise - none of those ports should be open to the WAN unless you specifically allow them to be...

If you've done some firmware upgrades lately, maybe best to do a hard reset on the router/AP, and reconfigure from scratch..

And then test again...

@Nullity No, default settings I have not tried but this is the next step.

@sfx2000 Asus Support recommended also performing a hard reset and reconfigure the router. Unfortunately without success.

The UPnP/Port 1900 Problem could be solved. This was simply a configutation problem. The problem with the Port 515 (Printerserver) and the open Adminconsole still exists. I contacted Asus support and many Emails later they came to the conclusion that this must be a hardware issue (???).

The final step before returning the Router to Asus I will reset the box to default settings.

Every consumer router does suffer from this issue. You can imitate configurable routers by using port forwarding to get around this issue but it does use more resources compared to the firewall from routerOS/ubiquiti.

Some services arent properly configured and listen to every interface. Its possible to configure this from the configuration files from the linux file system.