ac56u - ports 22, 80, 443 open and nothing in stealth as per GRC - why?

[secas]

As per GRC.com test, port 22, 80, and 443 are open using common port test. All else is closed. Nothing is in stealth. I'm used to seeing everything in stealth, but admittedly it has been a few years since the ac56u has been used as a router and checked at GRC. I got a new ISP yesterday, and I put the ac56u back into service as a router. After I saw the poor results at GRC (using Windows 10 and Windows Defender as well), I reset the router to factory defaults and reconfigured it turning off every service I could (i.e. USB/AICloud, etc). I tested again with the same results. I then installed zonealarm and turned public and trusted zones to high. I tested at GRC again with the same results. What am I missing? I can tell from reading this site that most of you are way above my intellect level. Please type slowly Should I be concerned?

The Asus Router is using the latest Asus firmware (3.0.0.4.382_50624)

Just had a thought. Does GRC probe the network, or just the computer I’m on? If zonealarm made no difference to my results perhaps it isn’t my computer that is the problem. I have all kinds of connected devices on wifi (Roku, thermostats, Alexa, google, etc).

Thank you in advance.

 

[ColinTaylor]

Just had a thought. Does GRC probe the network, or just the computer I’m on?

Neither. It probes the public IP address associated with your connection to the GRC web site. If GRC is saying those ports are open then it's probably probing some other piece of equipment between your router and GRC.

Does your RT-AC56U have a public IP address? If you log into the router's interface, what are the first two octects of the "WAN IP"? e.g. "192.168.x.y", "172.16.x.y", "10.0.x.y", "100.64.x.y", etc.

 

[secas]

Thank you. 192.168 are first two octects.

I did a bit more "troubleshooting". I disconnected everything from the network except one computer on LAN. I ran Shields Up. I got the same results. I then took a laptop (different computer), and plugged it straight into the modem (no router). I got the exact same result. Thus, I believe GRC is probing something outside of my network. Probably something associated with the ISP. Does that make sense?

Should I be concerned about this and if so, what should my next steps be?

Thank you,
Chris

 

[ColinTaylor]

Thank you. 192.168 are first two octects.

This is the problem. Your RT-AC56U is not directly connected to the internet (192.168.x.y is a private address).

I then took a laptop (different computer), and plugged it straight into the modem (no router). I got the exact same result.

The device you are plugging into here is not just a modem, it is a combination modem and router (does it also have WiFi?). What is the make and model number of this device?

So you have two routers, one behind the other. The first one (with the integrated cable modem) will have your public IP address. So it's likely that GRC is probing this "other" device.

 

[secas]

Thank you so much. This is making more sense.

I am in a rural location. The ISP uses a point to point ubiquiti "air fibre" radio installed on the roof of my house to provide a wireless connection to their tower. What I was calling a modem, the ISP called an injector. I believe it provides the power to the radio. Would this injector/radio on my roof be operating as a router? Would this be what GRC is probing, or would it be some equipment further upstream i.e. at the tower?

 

[ColinTaylor]

Ah, OK. I'm not familiar with that sort of device but looking at their website it appears to be a point to point connection as you said. So yes, my guess would be that GRC is probing your ISP's upstream equipment rather than anything installed at your location.

 

[OzarkEdge]

Ah, OK. I'm not familiar with that sort of device but looking at their website it appears to be a point to point connection as you said. So yes, my guess would be that GRC is probing your ISP's upstream equipment rather than anything installed at your location.

So, if the OP is seeing 192.168.x.x on his router's WAN side, what should he be setting on his router's DHCP Server for its LAN side?

OE

 

[ColinTaylor]

So, if the OP is seeing 192.168.x.x on his router's WAN side, what should he be setting on his router's DHCP Server for its LAN side?

This is not normally a problem as the router will automatically detect if there's a conflict between the WAN subnet and the LAN subnet when it is first set up.

So if for example, the WAN interface was on 192.168.1.0/24 (which the router would normally use for its LAN), the router will change its LAN subnet to 192.168.2.0/24 IIRC. In short - he doesn't need to make many changes to the router's DHCP server.

 

[follower]

As per GRC.com test, port 22, 80, and 443 are open using common port test. All else is closed. Nothing is in stealth. I'm used to seeing everything in stealth, but admittedly it has been a few years since the ac56u has been used as a router and checked at GRC. I got a new ISP yesterday, and I put the ac56u back into service as a router. After I saw the poor results at GRC (using Windows 10 and Windows Defender as well), I reset the router to factory defaults and reconfigured it turning off every service I could (i.e. USB/AICloud, etc). I tested again with the same results. I then installed zonealarm and turned public and trusted zones to high. I tested at GRC again with the same results. What am I missing? I can tell from reading this site that most of you are way above my intellect level. Please type slowly Should I be concerned?

The Asus Router is using the latest Asus firmware (3.0.0.4.382_50624)

Just had a thought. Does GRC probe the network, or just the computer I’m on? If zonealarm made no difference to my results perhaps it isn’t my computer that is the problem. I have all kinds of connected devices on wifi (Roku, thermostats, Alexa, google, etc).

Thank you in advance.

How about forwarding the port that you want to hide to random private IP which doesn't exist.